R
Railway11mo ago
4tendev

django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: '34.127.112.140:7021'.

im using cloudfalre to proxy for my django app how it possible to someone call my ap with ip ? i also got this inlogs 7:M 28 Dec 2023 23:02:53.169 # Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection from 192.168.48.3:59764 aborted. is it possible someone trying to attack me ? should i be consern ?
9 Replies
Percy
Percy11mo ago
Project ID: N/A
Brody
Brody11mo ago
that would be a check from railway, there is absolutely nothing to be concerned about despite the ugly message in your logs
4tendev
4tendev11mo ago
so no one can call my app with ip ? i also see some called my apps with local host !
Brody
Brody11mo ago
no you cant call your app with just an ip, you would need to specify a valid host header i assure you, there is nothing to worry about
4tendev
4tendev11mo ago
Invalid HTTP_HOST header: '34.127.112.140:7021'. You may need to add '34.127.112.140' to ALLOWED_HOSTS. Invalid HTTP_HOST header: ':::8000'. The domain name provided is not valid according to RFC 1034/1035. as i know both of these meanes somebody called my app in manner it shouldnt
Brody
Brody11mo ago
again, that would be a check from railway
4tendev
4tendev11mo ago
ok ty and also somebody checked for common admin access url is it also done by railway ? like /admin /wp-admin ...
Brody
Brody11mo ago
no thats normal bot scanner stuff
4tendev
4tendev11mo ago
ok ty
Want results from more Discord servers?
Add your server