django error:DisallowedHost: Invalid HTTP_HOST header: ''. You may need to add u'' to ALLOWED_HOST

最新推荐文章于 2024-02-02 19:40:02 发布
原创 最新推荐文章于 2024-02-02 19:40:02 发布 · 1.3w 阅读 · 2 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#dango #error

本文介绍了解决因ALLOWED_HOSTS设置不当导致的错误日志问题。通过正确配置项目settings.py文件中的ALLOWED_HOSTS参数,加入指定的IP地址(如198.211.99.20),可以有效避免错误日志提示并确保项目的正常运行。

The error log is straightforward. As it suggested,You need to add 198.211.99.20 to your ALLOWED_HOSTS setting.

In your project settings.py file,set ALLOWED_HOSTS like this :

ALLOWED_HOSTS = ['198.211.99.20', 'localhost', '127.0.0.1']

For further reading, Read from here.

通过IP访问Django页面报错 DisallowedHost at……
Linux I Tell U
10-21 615
问题 运行Django服务后,通过浏览器中IP地址访问后出现如下报错。 DisallowedHost at / Invalid HTTP_HOST header: '10.110.17.155:8000'. You may need to add u'10.110.17.155' to ALLOWED_HOSTS. 原因 这是由于没有在settings.py中进行访问授权 解决方法 进入项目目录后编辑 settings.py文件 nano settings.py ALLOWED_HOSTS = [
Linux 启动Django错误 Error: That IP address can't be assigned to. 或者504 Gateway Timeout错误
neu_xiaolu的博客
03-06 1438
启动Django服务,报错: [xxx@hz-build-cloud-cbts02-okqvd alice_django_cbts]$ python3 manage.py runserver 10.182.100.128:8080 Performing system checks... System check identified no issues (0 silenced). March...
django第一个项目127.0.0.1:8000不能访问解决方案
weixin_41931476的博客
04-07 4183
博主本地环境: VMware Centos7.6 django2.22 python3.6 出现这个的原因分析: 第一:您在VMware中的虚拟主机地址ip设置问题,您站点的地址是您自己的服务器网卡地址,这个可以用ifconfig查看, 所以,你跟着《python从入门到实践》或者其他博文去操作的话,这个肯定默认启动的是127.0.0.1:8000 python manage.py runserver 第二:因此笔者启动了自己虚拟主机的网络地址即:10.0.0.200 python m
django搭建环境项目 笔记一
Doraemon_meow_meow的博客
03-16 412
首先创建django项目 django-admin startproject idvip 这将创建一个目录myweb, 在manage.py同级目录下可以用以下命令进行运行 sudo python3 manage.py runserver 0:8000 如果报错,那么在seetiong文件夹配置以下内容 DisallowedHost at /polls Invalid HTTP_HOST he...
访问django项目报错DisallowedHost : Invalid HTTP_HOST header
banche163的专栏
01-04 2669
django运行第一个项目HelloWorld,执行脚本如下: python manage.py runserver 0.0.0.0.8000 报错:DisallowedHost : Invalid HTTP_HOST header: '172.19.23.9:8000'. You may need to add u'172.19.23.9:8000' to ALLOWED_HOSTS.
Django在linux下创建一个项目,出现Invalid HTTP_HOST header:“IP地址“.You may need to add ‘IP地址‘to ALLOWED_HOSTS
qq_56696697的博客
03-22 6735
Django在linux下创建一个HelloWlord项目,出现Invalid HTTP_HOST header:"IP地址".You may need to add 'IP地址'to ALLOWED_HOSTS,如下图:
zzz@zzz-virtual-machine:~/Desktop$ curl "http://192.168.20.128:8000/vuln/?geom=SRID=4326;SELECT%20version();--" <!DOCTYPE html> <html lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta name="robots" content="NONE,NOARCHIVE"> <title>DisallowedHost at /vuln/</title> <style type="text/css"> html * { padding:0; margin:0; } body * { padding:10px 20px; } body * * { padding:0; } body { font:small sans-serif; background-color:#fff; color:#000; } body>div { border-bottom:1px solid #ddd; } h1 { font-weight:normal; } h2 { margin-bottom:.8em; } h3 { margin:1em 0 .5em 0; } h4 { margin:0 0 .5em 0; font-weight: normal; } code, pre { font-size: 100%; white-space: pre-wrap; } table { border:1px solid #ccc; border-collapse: collapse; width:100%; background:white; } tbody td, tbody th { vertical-align:top; padding:2px 3px; } thead th { padding:1px 6px 1px 3px; background:#fefefe; text-align:left; font-weight:normal; font-size:11px; border:1px solid #ddd; } tbody th { width:12em; text-align:right; color:#666; padding-right:.5em; } table.vars { margin:5px 0 2px 40px; } table.vars td, table.req td { font-family:monospace; } table td.code { width:100%; } table td.code pre { overflow:hidden; } table.source th { color:#666; } table.source td { font-family:monospace; white-space:pre; border-bottom:1px solid #eee; } ul.traceback { list-style-type:none; color: #222; } ul.traceback li.frame { padding-bottom:1em; color:#4f4f4f; } ul.traceback li.user { background-color:#e0e0e0; color:#000 } div.context { padding:10px 0; overflow:hidden; } div.context ol { padding-left:30px; margin:0 10px; list-style-position: inside; } div.context ol li { font-family:monospace; white-space:pre; color:#777; cursor:pointer; padding-left: 2px; } div.context ol li pre { display:inline; } div.context ol.context-line li { color:#464646; background-color:#dfdfdf; padding: 3px 2px; } div.context ol.context-line li span { position:absolute; right:32px; } .user div.context ol.context-line li { background-color:#bbb; color:#000; } .user div.context ol li { color:#666; } div.commands { margin-left: 40px; } div.commands a { color:#555; text-decoration:none; } .user div.commands a { color: black; } #summary { background: #ffc; } #summary h2 { font-weight: normal; color: #666; } #explanation { background:#eee; } #template, #template-not-exist { background:#f6f6f6; } #template-not-exist ul { margin: 0 0 10px 20px; } #template-not-exist .postmortem-section { margin-bottom: 3px; } #unicode-hint { background:#eee; } #traceback { background:#eee; } #requestinfo { background:#f6f6f6; padding-left:120px; } #summary table { border:none; background:transparent; } #requestinfo h2, #requestinfo h3 { position:relative; margin-left:-100px; } #requestinfo h3 { margin-bottom:-1em; } .error { background: #ffc; } .specific { color:#cc3300; font-weight:bold; } h2 span.commands { font-size:.7em; font-weight:normal; } span.commands a:link {color:#5E5694;} pre.exception_value { font-family: sans-serif; color: #575757; font-size: 1.5em; margin: 10px 0 10px 0; } .append-bottom { margin-bottom: 10px; } </style> <script type="text/javascript"> function hideAll(elems) { for (var e = 0; e < elems.length; e++) { elems[e].style.display = 'none'; } } window.onload = function() { hideAll(document.querySelectorAll('table.vars')); hideAll(document.querySelectorAll('ol.pre-context')); hideAll(document.querySelectorAll('ol.post-context')); hideAll(document.querySelectorAll('div.pastebin')); } function toggle() { for (var i = 0; i < arguments.length; i++) { var e = document.getElementById(arguments[i]); if (e) { e.style.display = e.style.display == 'none' ? 'block': 'none'; } } return false; } function varToggle(link, id) { toggle('v' + id); var s = link.getElementsByTagName('span')[0]; var uarr = String.fromCharCode(0x25b6); var darr = String.fromCharCode(0x25bc); s.textContent = s.textContent == uarr ? darr : uarr; return false; } function switchPastebinFriendly(link) { s1 = "Switch to copy-and-paste view"; s2 = "Switch back to interactive view"; link.textContent = link.textContent.trim() == s1 ? s2: s1; toggle('browserTraceback', 'pastebinTraceback'); return false; } </script> </head> <body> <div id="summary"> <h1>DisallowedHost at /vuln/</h1> <pre class="exception_value">Invalid HTTP_HOST header: '192.168.20.128:8000'. You may need to add '192.168.20.128' to ALLOWED_HOSTS.</pre> <table class="meta"> <tr> <th>Request Method:</th> <td>GET</td> </tr> <tr> <th>Request URL:</th> <td>http://192.168.20.128:8000/vuln/?geom=SRID=4326;SELECT%20version();--</td> </tr> <tr> <th>Django Version:</th> <td>3.0.3</td> </tr> <tr> <th>Exception Type:</th> <td>DisallowedHost</td> </tr> <tr> <th>Exception Value:</th> <td><pre>Invalid HTTP_HOST header: '192.168.20.128:8000'. You may need to add '192.168.20.128' to ALLOWED_HOSTS.</pre></td> </tr> <tr> <th>Exception Location:</th> <td>/usr/local/lib/python3.10/dist-packages/django/http/request.py in get_host, line 122</td> </tr> <tr> <th>Python Executable:</th> <td>/usr/bin/python3</td> </tr> <tr> <th>Python Version:</th> <td>3.10.12</td> </tr> <tr> <th>Python Path:</th> <td><pre>['/root/django_cve_2020_9402', '/usr/lib/python310.zip', '/usr/lib/python3.10', '/usr/lib/python3.10/lib-dynload', '/usr/local/lib/python3.10/dist-packages', '/usr/lib/python3/dist-packages']</pre></td> </tr> <tr> <th>Server time:</th> <td>Sun, 30 Nov 2025 15:13:50 +0000</td> </tr> </table> </div> <div id="traceback"> <h2>Traceback <span class="commands"><a href="#" onclick="return switchPastebinFriendly(this);"> Switch to copy-and-paste view</a></span> </h2> <div id="browserTraceback"> <ul class="traceback"> <li class="frame django"> <code>/usr/local/lib/python3.10/dist-packages/django/core/handlers/exception.py</code> in <code>inner</code> <div class="context" id="c139322622269440"> <ol start="27" class="pre-context" id="pre139322622269440"> <li onclick="toggle('pre139322622269440', 'post139322622269440')"><pre> This decorator is automatically applied to all middleware to ensure that</pre></li> <li onclick="toggle('pre139322622269440', 'post139322622269440')"><pre> no middleware leaks an exception and that the next middleware in the stack</pre></li> <li onclick="toggle('pre139322622269440', 'post139322622269440')"><pre> can rely on getting a response instead of an exception.</pre></li> <li onclick="toggle('pre139322622269440', 'post139322622269440')"><pre> """</pre></li> <li onclick="toggle('pre139322622269440', 'post139322622269440')"><pre> @wraps(get_response)</pre></li> <li onclick="toggle('pre139322622269440', 'post139322622269440')"><pre> def inner(request):</pre></li> <li onclick="toggle('pre139322622269440', 'post139322622269440')"><pre> try:</pre></li> </ol> <ol start="34" class="context-line"> <li onclick="toggle('pre139322622269440', 'post139322622269440')"><pre> response = get_response(request)</pre> <span>…</span></li> </ol> <ol start='35' class="post-context" id="post139322622269440"> <li onclick="toggle('pre139322622269440', 'post139322622269440')"><pre> except Exception as exc:</pre></li> <li onclick="toggle('pre139322622269440', 'post139322622269440')"><pre> response = response_for_exception(request, exc)</pre></li> <li onclick="toggle('pre139322622269440', 'post139322622269440')"><pre> return response</pre></li> <li onclick="toggle('pre139322622269440', 'post139322622269440')"><pre> return inner</pre></li> <li onclick="toggle('pre139322622269440', 'post139322622269440')"><pre></pre></li> <li onclick="toggle('pre139322622269440', 'post139322622269440')"><pre></pre></li> </ol> </div> <div class="commands"> <a href="#" onclick="return varToggle(this, '139322622269440')"><span>▶</span> Local vars</a> </div> <table class="vars" id="v139322622269440"> <thead> <tr> <th>Variable</th> <th>Value</th> </tr> </thead> <tbody> <tr> <td>exc</td> <td class="code"><pre>DisallowedHost("Invalid HTTP_HOST header: '192.168.20.128:8000'. You may need to add '192.168.20.128' to ALLOWED_HOSTS.")</pre></td> </tr> <tr> <td>get_response</td> <td class="code"><pre><django.middleware.common.CommonMiddleware object at 0x7eb69376d9c0></pre></td> </tr> <tr> <td>request</td> <td class="code"><pre><WSGIRequest: GET '/vuln/?geom=SRID=4326;SELECT%20version();--'></pre></td> </tr> </tbody> </table> </li> <li class="frame django"> <code>/usr/local/lib/python3.10/dist-packages/django/utils/deprecation.py</code> in <code>__call__</code> <div class="context" id="c139322622271488"> <ol start="86" class="pre-context" id="pre139322622271488"> <li onclick="toggle('pre139322622271488', 'post139322622271488')"><pre> def __init__(self, get_response=None):</pre></li> <li onclick="toggle('pre139322622271488', 'post139322622271488')"><pre> self.get_response = get_response</pre></li> <li onclick="toggle('pre139322622271488', 'post139322622271488')"><pre> super().__init__()</pre></li> <li onclick="toggle('pre139322622271488', 'post139322622271488')"><pre></pre></li> <li onclick="toggle('pre139322622271488', 'post139322622271488')"><pre> def __call__(self, request):</pre></li> <li onclick="toggle('pre139322622271488', 'post139322622271488')"><pre> response = None</pre></li> <li onclick="toggle('pre139322622271488', 'post139322622271488')"><pre> if hasattr(self, 'process_request'):</pre></li> </ol> <ol start="93" class="context-line"> <li onclick="toggle('pre139322622271488', 'post139322622271488')"><pre> response = self.process_request(request)</pre> <span>…</span></li> </ol> <ol start='94' class="post-context" id="post139322622271488"> <li onclick="toggle('pre139322622271488', 'post139322622271488')"><pre> response = response or self.get_response(request)</pre></li> <li onclick="toggle('pre139322622271488', 'post139322622271488')"><pre> if hasattr(self, 'process_response'):</pre></li> <li onclick="toggle('pre139322622271488', 'post139322622271488')"><pre> response = self.process_response(request, response)</pre></li> <li onclick="toggle('pre139322622271488', 'post139322622271488')"><pre> return response</pre></li> </ol> </div> <div class="commands"> <a href="#" onclick="return varToggle(this, '139322622271488')"><span>▶</span> Local vars</a> </div> <table class="vars" id="v139322622271488"> <thead> <tr> <th>Variable</th> <th>Value</th> </tr> </thead> <tbody> <tr> <td>request</td> <td class="code"><pre><WSGIRequest: GET '/vuln/?geom=SRID=4326;SELECT%20version();--'></pre></td> </tr> <tr> <td>response</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>self</td> <td class="code"><pre><django.middleware.common.CommonMiddleware object at 0x7eb69376d9c0></pre></td> </tr> </tbody> </table> </li> <li class="frame django"> <code>/usr/local/lib/python3.10/dist-packages/django/middleware/common.py</code> in <code>process_request</code> <div class="context" id="c139322622275264"> <ol start="41" class="pre-context" id="pre139322622275264"> <li onclick="toggle('pre139322622275264', 'post139322622275264')"><pre> user_agent = request.META.get('HTTP_USER_AGENT')</pre></li> <li onclick="toggle('pre139322622275264', 'post139322622275264')"><pre> if user_agent is not None:</pre></li> <li onclick="toggle('pre139322622275264', 'post139322622275264')"><pre> for user_agent_regex in settings.DISALLOWED_USER_AGENTS:</pre></li> <li onclick="toggle('pre139322622275264', 'post139322622275264')"><pre> if user_agent_regex.search(user_agent):</pre></li> <li onclick="toggle('pre139322622275264', 'post139322622275264')"><pre> raise PermissionDenied('Forbidden user agent')</pre></li> <li onclick="toggle('pre139322622275264', 'post139322622275264')"><pre></pre></li> <li onclick="toggle('pre139322622275264', 'post139322622275264')"><pre> # Check for a redirect based on settings.PREPEND_WWW</pre></li> </ol> <ol start="48" class="context-line"> <li onclick="toggle('pre139322622275264', 'post139322622275264')"><pre> host = request.get_host()</pre> <span>…</span></li> </ol> <ol start='49' class="post-context" id="post139322622275264"> <li onclick="toggle('pre139322622275264', 'post139322622275264')"><pre> must_prepend = settings.PREPEND_WWW and host and not host.startswith('www.')</pre></li> <li onclick="toggle('pre139322622275264', 'post139322622275264')"><pre> redirect_url = ('%s://www.%s' % (request.scheme, host)) if must_prepend else ''</pre></li> <li onclick="toggle('pre139322622275264', 'post139322622275264')"><pre></pre></li> <li onclick="toggle('pre139322622275264', 'post139322622275264')"><pre> # Check if a slash should be appended</pre></li> <li onclick="toggle('pre139322622275264', 'post139322622275264')"><pre> if self.should_redirect_with_slash(request):</pre></li> <li onclick="toggle('pre139322622275264', 'post139322622275264')"><pre> path = self.get_full_path_with_slash(request)</pre></li> </ol> </div> <div class="commands"> <a href="#" onclick="return varToggle(this, '139322622275264')"><span>▶</span> Local vars</a> </div> <table class="vars" id="v139322622275264"> <thead> <tr> <th>Variable</th> <th>Value</th> </tr> </thead> <tbody> <tr> <td>request</td> <td class="code"><pre><WSGIRequest: GET '/vuln/?geom=SRID=4326;SELECT%20version();--'></pre></td> </tr> <tr> <td>self</td> <td class="code"><pre><django.middleware.common.CommonMiddleware object at 0x7eb69376d9c0></pre></td> </tr> <tr> <td>user_agent</td> <td class="code"><pre>'curl/7.81.0'</pre></td> </tr> </tbody> </table> </li> <li class="frame django"> <code>/usr/local/lib/python3.10/dist-packages/django/http/request.py</code> in <code>get_host</code> <div class="context" id="c139322622272448"> <ol start="115" class="pre-context" id="pre139322622272448"> <li onclick="toggle('pre139322622272448', 'post139322622272448')"><pre> return host</pre></li> <li onclick="toggle('pre139322622272448', 'post139322622272448')"><pre> else:</pre></li> <li onclick="toggle('pre139322622272448', 'post139322622272448')"><pre> msg = "Invalid HTTP_HOST header: %r." % host</pre></li> <li onclick="toggle('pre139322622272448', 'post139322622272448')"><pre> if domain:</pre></li> <li onclick="toggle('pre139322622272448', 'post139322622272448')"><pre> msg += " You may need to add %r to ALLOWED_HOSTS." % domain</pre></li> <li onclick="toggle('pre139322622272448', 'post139322622272448')"><pre> else:</pre></li> <li onclick="toggle('pre139322622272448', 'post139322622272448')"><pre> msg += " The domain name provided is not valid according to RFC 1034/1035."</pre></li> </ol> <ol start="122" class="context-line"> <li onclick="toggle('pre139322622272448', 'post139322622272448')"><pre> raise DisallowedHost(msg)</pre> <span>…</span></li> </ol> <ol start='123' class="post-context" id="post139322622272448"> <li onclick="toggle('pre139322622272448', 'post139322622272448')"><pre></pre></li> <li onclick="toggle('pre139322622272448', 'post139322622272448')"><pre> def get_port(self):</pre></li> <li onclick="toggle('pre139322622272448', 'post139322622272448')"><pre> """Return the port number for the request as a string."""</pre></li> <li onclick="toggle('pre139322622272448', 'post139322622272448')"><pre> if settings.USE_X_FORWARDED_PORT and 'HTTP_X_FORWARDED_PORT' in self.META:</pre></li> <li onclick="toggle('pre139322622272448', 'post139322622272448')"><pre> port = self.META['HTTP_X_FORWARDED_PORT']</pre></li> <li onclick="toggle('pre139322622272448', 'post139322622272448')"><pre> else:</pre></li> </ol> </div> <div class="commands"> <a href="#" onclick="return varToggle(this, '139322622272448')"><span>▶</span> Local vars</a> </div> <table class="vars" id="v139322622272448"> <thead> <tr> <th>Variable</th> <th>Value</th> </tr> </thead> <tbody> <tr> <td>allowed_hosts</td> <td class="code"><pre>['localhost', '127.0.0.1', '[::1]']</pre></td> </tr> <tr> <td>domain</td> <td class="code"><pre>'192.168.20.128'</pre></td> </tr> <tr> <td>host</td> <td class="code"><pre>'192.168.20.128:8000'</pre></td> </tr> <tr> <td>msg</td> <td class="code"><pre>("Invalid HTTP_HOST header: '192.168.20.128:8000'. You may need to add " "'192.168.20.128' to ALLOWED_HOSTS.")</pre></td> </tr> <tr> <td>port</td> <td class="code"><pre>'8000'</pre></td> </tr> <tr> <td>self</td> <td class="code"><pre><WSGIRequest: GET '/vuln/?geom=SRID=4326;SELECT%20version();--'></pre></td> </tr> </tbody> </table> </li> </ul> </div> <form action="http://dpaste.com/" name="pasteform" id="pasteform" method="post"> <div id="pastebinTraceback" class="pastebin"> <input type="hidden" name="language" value="PythonConsole"> <input type="hidden" name="title" value="DisallowedHost at /vuln/"> <input type="hidden" name="source" value="Django Dpaste Agent"> <input type="hidden" name="poster" value="Django"> <textarea name="content" id="traceback_area" cols="140" rows="25"> Environment: Request Method: GET Request URL: http://192.168.20.128:8000/vuln/?geom=SRID=4326;SELECT%20version();-- Django Version: 3.0.3 Python Version: 3.10.12 Installed Applications: ['django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'app'] Installed Middleware: ['django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware'] Traceback (most recent call last): File "/usr/local/lib/python3.10/dist-packages/django/core/handlers/exception.py", line 34, in inner response = get_response(request) File "/usr/local/lib/python3.10/dist-packages/django/utils/deprecation.py", line 93, in __call__ response = self.process_request(request) File "/usr/local/lib/python3.10/dist-packages/django/middleware/common.py", line 48, in process_request host = request.get_host() File "/usr/local/lib/python3.10/dist-packages/django/http/request.py", line 122, in get_host raise DisallowedHost(msg) Exception Type: DisallowedHost at /vuln/ Exception Value: Invalid HTTP_HOST header: '192.168.20.128:8000'. You may need to add '192.168.20.128' to ALLOWED_HOSTS. </textarea> <br><br> <input type="submit" value="Share this traceback on a public website"> </div> </form> </div> <div id="requestinfo"> <h2>Request information</h2> <h3 id="user-info">USER</h3> <p>[unable to retrieve the current user]</p> <h3 id="get-info">GET</h3> <table class="req"> <thead> <tr> <th>Variable</th> <th>Value</th> </tr> </thead> <tbody> <tr> <td>geom</td> <td class="code"><pre>'SRID=4326'</pre></td> </tr> <tr> <td>SELECT version()</td> <td class="code"><pre>''</pre></td> </tr> <tr> <td>--</td> <td class="code"><pre>''</pre></td> </tr> </tbody> </table> <h3 id="post-info">POST</h3> <p>No POST data</p> <h3 id="files-info">FILES</h3> <p>No FILES data</p> <h3 id="cookie-info">COOKIES</h3> <p>No cookie data</p> <h3 id="meta-info">META</h3> <table class="req"> <thead> <tr> <th>Variable</th> <th>Value</th> </tr> </thead> <tbody> <tr> <td>COLORTERM</td> <td class="code"><pre>'truecolor'</pre></td> </tr> <tr> <td>CONTENT_LENGTH</td> <td class="code"><pre>''</pre></td> </tr> <tr> <td>CONTENT_TYPE</td> <td class="code"><pre>'text/plain'</pre></td> </tr> <tr> <td>DEBUGINFOD_URLS</td> <td class="code"><pre>''</pre></td> </tr> <tr> <td>DISPLAY</td> <td class="code"><pre>':0'</pre></td> </tr> <tr> <td>DJANGO_SETTINGS_MODULE</td> <td class="code"><pre>'vuln.settings'</pre></td> </tr> <tr> <td>GATEWAY_INTERFACE</td> <td class="code"><pre>'CGI/1.1'</pre></td> </tr> <tr> <td>HOME</td> <td class="code"><pre>'/root'</pre></td> </tr> <tr> <td>HTTP_ACCEPT</td> <td class="code"><pre>'*/*'</pre></td> </tr> <tr> <td>HTTP_HOST</td> <td class="code"><pre>'192.168.20.128:8000'</pre></td> </tr> <tr> <td>HTTP_USER_AGENT</td> <td class="code"><pre>'curl/7.81.0'</pre></td> </tr> <tr> <td>LANG</td> <td class="code"><pre>'en_US.UTF-8'</pre></td> </tr> <tr> <td>LANGUAGE</td> <td class="code"><pre>'en_US:'</pre></td> </tr> <tr> <td>LC_ADDRESS</td> <td class="code"><pre>'zh_CN.UTF-8'</pre></td> </tr> <tr> <td>LC_IDENTIFICATION</td> <td class="code"><pre>'zh_CN.UTF-8'</pre></td> </tr> <tr> <td>LC_MEASUREMENT</td> <td class="code"><pre>'zh_CN.UTF-8'</pre></td> </tr> <tr> <td>LC_MONETARY</td> <td class="code"><pre>'zh_CN.UTF-8'</pre></td> </tr> <tr> <td>LC_NAME</td> <td class="code"><pre>'zh_CN.UTF-8'</pre></td> </tr> <tr> <td>LC_NUMERIC</td> <td class="code"><pre>'zh_CN.UTF-8'</pre></td> </tr> <tr> <td>LC_PAPER</td> <td class="code"><pre>'zh_CN.UTF-8'</pre></td> </tr> <tr> <td>LC_TELEPHONE</td> <td class="code"><pre>'zh_CN.UTF-8'</pre></td> </tr> <tr> <td>LC_TIME</td> <td class="code"><pre>'zh_CN.UTF-8'</pre></td> </tr> <tr> <td>LESSCLOSE</td> <td class="code"><pre>'/usr/bin/lesspipe %s %s'</pre></td> </tr> <tr> <td>LESSOPEN</td> <td class="code"><pre>'| /usr/bin/lesspipe %s'</pre></td> </tr> <tr> <td>LOGNAME</td> <td class="code"><pre>'root'</pre></td> </tr> <tr> <td>LS_COLORS</td> <td class="code"><pre>'rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:'</pre></td> </tr> <tr> <td>MAIL</td> <td class="code"><pre>'/var/mail/root'</pre></td> </tr> <tr> <td>OLDPWD</td> <td class="code"><pre>'/root/vulhub/django/CVE-2020-9402/src'</pre></td> </tr> <tr> <td>PATH</td> <td class="code"><pre>'/xp/server/docker:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/xp/server/docker'</pre></td> </tr> <tr> <td>PATH_INFO</td> <td class="code"><pre>'/vuln/'</pre></td> </tr> <tr> <td>PWD</td> <td class="code"><pre>'/root/django_cve_2020_9402'</pre></td> </tr> <tr> <td>QUERY_STRING</td> <td class="code"><pre>'geom=SRID=4326;SELECT%20version();--'</pre></td> </tr> <tr> <td>REMOTE_ADDR</td> <td class="code"><pre>'192.168.20.128'</pre></td> </tr> <tr> <td>REMOTE_HOST</td> <td class="code"><pre>''</pre></td> </tr> <tr> <td>REQUEST_METHOD</td> <td class="code"><pre>'GET'</pre></td> </tr> <tr> <td>RUN_MAIN</td> <td class="code"><pre>'true'</pre></td> </tr> <tr> <td>SCRIPT_NAME</td> <td class="code"><pre>''</pre></td> </tr> <tr> <td>SERVER_NAME</td> <td class="code"><pre>'zzz-virtual-machine'</pre></td> </tr> <tr> <td>SERVER_PORT</td> <td class="code"><pre>'8000'</pre></td> </tr> <tr> <td>SERVER_PROTOCOL</td> <td class="code"><pre>'HTTP/1.1'</pre></td> </tr> <tr> <td>SERVER_SOFTWARE</td> <td class="code"><pre>'WSGIServer/0.2'</pre></td> </tr> <tr> <td>SHELL</td> <td class="code"><pre>'/bin/bash'</pre></td> </tr> <tr> <td>SHLVL</td> <td class="code"><pre>'1'</pre></td> </tr> <tr> <td>SUDO_COMMAND</td> <td class="code"><pre>'/bin/bash'</pre></td> </tr> <tr> <td>SUDO_GID</td> <td class="code"><pre>'1000'</pre></td> </tr> <tr> <td>SUDO_UID</td> <td class="code"><pre>'1000'</pre></td> </tr> <tr> <td>SUDO_USER</td> <td class="code"><pre>'zzz'</pre></td> </tr> <tr> <td>TERM</td> <td class="code"><pre>'xterm-256color'</pre></td> </tr> <tr> <td>TZ</td> <td class="code"><pre>'UTC'</pre></td> </tr> <tr> <td>USER</td> <td class="code"><pre>'root'</pre></td> </tr> <tr> <td>XAUTHORITY</td> <td class="code"><pre>'/run/user/1000/.mutter-Xwaylandauth.T2BDG3'</pre></td> </tr> <tr> <td>XDG_CURRENT_DESKTOP</td> <td class="code"><pre>'ubuntu:GNOME'</pre></td> </tr> <tr> <td>XDG_DATA_DIRS</td> <td class="code"><pre>'/usr/share/gnome:/usr/local/share:/usr/share:/var/lib/snapd/desktop'</pre></td> </tr> <tr> <td>_</td> <td class="code"><pre>'/usr/bin/python3'</pre></td> </tr> <tr> <td>wsgi.errors</td> <td class="code"><pre><_io.TextIOWrapper name='<stderr>' mode='w' encoding='utf-8'></pre></td> </tr> <tr> <td>wsgi.file_wrapper</td> <td class="code"><pre>''</pre></td> </tr> <tr> <td>wsgi.input</td> <td class="code"><pre><django.core.handlers.wsgi.LimitedStream object at 0x7eb693612f80></pre></td> </tr> <tr> <td>wsgi.multiprocess</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>wsgi.multithread</td> <td class="code"><pre>True</pre></td> </tr> <tr> <td>wsgi.run_once</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>wsgi.url_scheme</td> <td class="code"><pre>'http'</pre></td> </tr> <tr> <td>wsgi.version</td> <td class="code"><pre>(1, 0)</pre></td> </tr> </tbody> </table> <h3 id="settings-info">Settings</h3> <h4>Using settings module <code>vuln.settings</code></h4> <table class="req"> <thead> <tr> <th>Setting</th> <th>Value</th> </tr> </thead> <tbody> <tr> <td>ABSOLUTE_URL_OVERRIDES</td> <td class="code"><pre>{}</pre></td> </tr> <tr> <td>ADMINS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>ALLOWED_HOSTS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>APPEND_SLASH</td> <td class="code"><pre>True</pre></td> </tr> <tr> <td>AUTHENTICATION_BACKENDS</td> <td class="code"><pre>['django.contrib.auth.backends.ModelBackend']</pre></td> </tr> <tr> <td>AUTH_PASSWORD_VALIDATORS</td> <td class="code"><pre>'********************'</pre></td> </tr> <tr> <td>AUTH_USER_MODEL</td> <td class="code"><pre>'auth.User'</pre></td> </tr> <tr> <td>BASE_DIR</td> <td class="code"><pre>'/root/django_cve_2020_9402'</pre></td> </tr> <tr> <td>CACHES</td> <td class="code"><pre>{'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}}</pre></td> </tr> <tr> <td>CACHE_MIDDLEWARE_ALIAS</td> <td class="code"><pre>'default'</pre></td> </tr> <tr> <td>CACHE_MIDDLEWARE_KEY_PREFIX</td> <td class="code"><pre>'********************'</pre></td> </tr> <tr> <td>CACHE_MIDDLEWARE_SECONDS</td> <td class="code"><pre>600</pre></td> </tr> <tr> <td>CSRF_COOKIE_AGE</td> <td class="code"><pre>31449600</pre></td> </tr> <tr> <td>CSRF_COOKIE_DOMAIN</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>CSRF_COOKIE_HTTPONLY</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>CSRF_COOKIE_NAME</td> <td class="code"><pre>'csrftoken'</pre></td> </tr> <tr> <td>CSRF_COOKIE_PATH</td> <td class="code"><pre>'/'</pre></td> </tr> <tr> <td>CSRF_COOKIE_SAMESITE</td> <td class="code"><pre>'Lax'</pre></td> </tr> <tr> <td>CSRF_COOKIE_SECURE</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>CSRF_FAILURE_VIEW</td> <td class="code"><pre>'django.views.csrf.csrf_failure'</pre></td> </tr> <tr> <td>CSRF_HEADER_NAME</td> <td class="code"><pre>'HTTP_X_CSRFTOKEN'</pre></td> </tr> <tr> <td>CSRF_TRUSTED_ORIGINS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>CSRF_USE_SESSIONS</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>DATABASES</td> <td class="code"><pre>{'default': {'ATOMIC_REQUESTS': False, 'AUTOCOMMIT': True, 'CONN_MAX_AGE': 0, 'ENGINE': 'django.db.backends.sqlite3', 'HOST': '', 'NAME': '/root/django_cve_2020_9402/db.sqlite3', 'OPTIONS': {}, 'PASSWORD': '********************', 'PORT': '', 'TEST': {'CHARSET': None, 'COLLATION': None, 'MIRROR': None, 'NAME': None}, 'TIME_ZONE': None, 'USER': ''}}</pre></td> </tr> <tr> <td>DATABASE_ROUTERS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>DATA_UPLOAD_MAX_MEMORY_SIZE</td> <td class="code"><pre>2621440</pre></td> </tr> <tr> <td>DATA_UPLOAD_MAX_NUMBER_FIELDS</td> <td class="code"><pre>1000</pre></td> </tr> <tr> <td>DATETIME_FORMAT</td> <td class="code"><pre>'N j, Y, P'</pre></td> </tr> <tr> <td>DATETIME_INPUT_FORMATS</td> <td class="code"><pre>['%Y-%m-%d %H:%M:%S', '%Y-%m-%d %H:%M:%S.%f', '%Y-%m-%d %H:%M', '%Y-%m-%d', '%m/%d/%Y %H:%M:%S', '%m/%d/%Y %H:%M:%S.%f', '%m/%d/%Y %H:%M', '%m/%d/%Y', '%m/%d/%y %H:%M:%S', '%m/%d/%y %H:%M:%S.%f', '%m/%d/%y %H:%M', '%m/%d/%y']</pre></td> </tr> <tr> <td>DATE_FORMAT</td> <td class="code"><pre>'N j, Y'</pre></td> </tr> <tr> <td>DATE_INPUT_FORMATS</td> <td class="code"><pre>['%Y-%m-%d', '%m/%d/%Y', '%m/%d/%y', '%b %d %Y', '%b %d, %Y', '%d %b %Y', '%d %b, %Y', '%B %d %Y', '%B %d, %Y', '%d %B %Y', '%d %B, %Y']</pre></td> </tr> <tr> <td>DEBUG</td> <td class="code"><pre>True</pre></td> </tr> <tr> <td>DEBUG_PROPAGATE_EXCEPTIONS</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>DECIMAL_SEPARATOR</td> <td class="code"><pre>'.'</pre></td> </tr> <tr> <td>DEFAULT_CHARSET</td> <td class="code"><pre>'utf-8'</pre></td> </tr> <tr> <td>DEFAULT_EXCEPTION_REPORTER_FILTER</td> <td class="code"><pre>'django.views.debug.SafeExceptionReporterFilter'</pre></td> </tr> <tr> <td>DEFAULT_FILE_STORAGE</td> <td class="code"><pre>'django.core.files.storage.FileSystemStorage'</pre></td> </tr> <tr> <td>DEFAULT_FROM_EMAIL</td> <td class="code"><pre>'webmaster@localhost'</pre></td> </tr> <tr> <td>DEFAULT_INDEX_TABLESPACE</td> <td class="code"><pre>''</pre></td> </tr> <tr> <td>DEFAULT_TABLESPACE</td> <td class="code"><pre>''</pre></td> </tr> <tr> <td>DISALLOWED_USER_AGENTS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>EMAIL_BACKEND</td> <td class="code"><pre>'django.core.mail.backends.smtp.EmailBackend'</pre></td> </tr> <tr> <td>EMAIL_HOST</td> <td class="code"><pre>'localhost'</pre></td> </tr> <tr> <td>EMAIL_HOST_PASSWORD</td> <td class="code"><pre>'********************'</pre></td> </tr> <tr> <td>EMAIL_HOST_USER</td> <td class="code"><pre>''</pre></td> </tr> <tr> <td>EMAIL_PORT</td> <td class="code"><pre>25</pre></td> </tr> <tr> <td>EMAIL_SSL_CERTFILE</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>EMAIL_SSL_KEYFILE</td> <td class="code"><pre>'********************'</pre></td> </tr> <tr> <td>EMAIL_SUBJECT_PREFIX</td> <td class="code"><pre>'[Django] '</pre></td> </tr> <tr> <td>EMAIL_TIMEOUT</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>EMAIL_USE_LOCALTIME</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>EMAIL_USE_SSL</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>EMAIL_USE_TLS</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>FILE_CHARSET</td> <td class="code"><pre>'utf-8'</pre></td> </tr> <tr> <td>FILE_UPLOAD_DIRECTORY_PERMISSIONS</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>FILE_UPLOAD_HANDLERS</td> <td class="code"><pre>['django.core.files.uploadhandler.MemoryFileUploadHandler', 'django.core.files.uploadhandler.TemporaryFileUploadHandler']</pre></td> </tr> <tr> <td>FILE_UPLOAD_MAX_MEMORY_SIZE</td> <td class="code"><pre>2621440</pre></td> </tr> <tr> <td>FILE_UPLOAD_PERMISSIONS</td> <td class="code"><pre>420</pre></td> </tr> <tr> <td>FILE_UPLOAD_TEMP_DIR</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>FIRST_DAY_OF_WEEK</td> <td class="code"><pre>0</pre></td> </tr> <tr> <td>FIXTURE_DIRS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>FORCE_SCRIPT_NAME</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>FORMAT_MODULE_PATH</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>FORM_RENDERER</td> <td class="code"><pre>'django.forms.renderers.DjangoTemplates'</pre></td> </tr> <tr> <td>IGNORABLE_404_URLS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>INSTALLED_APPS</td> <td class="code"><pre>['django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'app']</pre></td> </tr> <tr> <td>INTERNAL_IPS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>LANGUAGES</td> <td class="code"><pre>[('af', 'Afrikaans'), ('ar', 'Arabic'), ('ast', 'Asturian'), ('az', 'Azerbaijani'), ('bg', 'Bulgarian'), ('be', 'Belarusian'), ('bn', 'Bengali'), ('br', 'Breton'), ('bs', 'Bosnian'), ('ca', 'Catalan'), ('cs', 'Czech'), ('cy', 'Welsh'), ('da', 'Danish'), ('de', 'German'), ('dsb', 'Lower Sorbian'), ('el', 'Greek'), ('en', 'English'), ('en-au', 'Australian English'), ('en-gb', 'British English'), ('eo', 'Esperanto'), ('es', 'Spanish'), ('es-ar', 'Argentinian Spanish'), ('es-co', 'Colombian Spanish'), ('es-mx', 'Mexican Spanish'), ('es-ni', 'Nicaraguan Spanish'), ('es-ve', 'Venezuelan Spanish'), ('et', 'Estonian'), ('eu', 'Basque'), ('fa', 'Persian'), ('fi', 'Finnish'), ('fr', 'French'), ('fy', 'Frisian'), ('ga', 'Irish'), ('gd', 'Scottish Gaelic'), ('gl', 'Galician'), ('he', 'Hebrew'), ('hi', 'Hindi'), ('hr', 'Croatian'), ('hsb', 'Upper Sorbian'), ('hu', 'Hungarian'), ('hy', 'Armenian'), ('ia', 'Interlingua'), ('id', 'Indonesian'), ('io', 'Ido'), ('is', 'Icelandic'), ('it', 'Italian'), ('ja', 'Japanese'), ('ka', 'Georgian'), ('kab', 'Kabyle'), ('kk', 'Kazakh'), ('km', 'Khmer'), ('kn', 'Kannada'), ('ko', 'Korean'), ('lb', 'Luxembourgish'), ('lt', 'Lithuanian'), ('lv', 'Latvian'), ('mk', 'Macedonian'), ('ml', 'Malayalam'), ('mn', 'Mongolian'), ('mr', 'Marathi'), ('my', 'Burmese'), ('nb', 'Norwegian Bokmål'), ('ne', 'Nepali'), ('nl', 'Dutch'), ('nn', 'Norwegian Nynorsk'), ('os', 'Ossetic'), ('pa', 'Punjabi'), ('pl', 'Polish'), ('pt', 'Portuguese'), ('pt-br', 'Brazilian Portuguese'), ('ro', 'Romanian'), ('ru', 'Russian'), ('sk', 'Slovak'), ('sl', 'Slovenian'), ('sq', 'Albanian'), ('sr', 'Serbian'), ('sr-latn', 'Serbian Latin'), ('sv', 'Swedish'), ('sw', 'Swahili'), ('ta', 'Tamil'), ('te', 'Telugu'), ('th', 'Thai'), ('tr', 'Turkish'), ('tt', 'Tatar'), ('udm', 'Udmurt'), ('uk', 'Ukrainian'), ('ur', 'Urdu'), ('uz', 'Uzbek'), ('vi', 'Vietnamese'), ('zh-hans', 'Simplified Chinese'), ('zh-hant', 'Traditional Chinese')]</pre></td> </tr> <tr> <td>LANGUAGES_BIDI</td> <td class="code"><pre>['he', 'ar', 'fa', 'ur']</pre></td> </tr> <tr> <td>LANGUAGE_CODE</td> <td class="code"><pre>'en-us'</pre></td> </tr> <tr> <td>LANGUAGE_COOKIE_AGE</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>LANGUAGE_COOKIE_DOMAIN</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>LANGUAGE_COOKIE_HTTPONLY</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>LANGUAGE_COOKIE_NAME</td> <td class="code"><pre>'django_language'</pre></td> </tr> <tr> <td>LANGUAGE_COOKIE_PATH</td> <td class="code"><pre>'/'</pre></td> </tr> <tr> <td>LANGUAGE_COOKIE_SAMESITE</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>LANGUAGE_COOKIE_SECURE</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>LOCALE_PATHS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>LOGGING</td> <td class="code"><pre>{}</pre></td> </tr> <tr> <td>LOGGING_CONFIG</td> <td class="code"><pre>'logging.config.dictConfig'</pre></td> </tr> <tr> <td>LOGIN_REDIRECT_URL</td> <td class="code"><pre>'/accounts/profile/'</pre></td> </tr> <tr> <td>LOGIN_URL</td> <td class="code"><pre>'/accounts/login/'</pre></td> </tr> <tr> <td>LOGOUT_REDIRECT_URL</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>MANAGERS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>MEDIA_ROOT</td> <td class="code"><pre>''</pre></td> </tr> <tr> <td>MEDIA_URL</td> <td class="code"><pre>''</pre></td> </tr> <tr> <td>MESSAGE_STORAGE</td> <td class="code"><pre>'django.contrib.messages.storage.fallback.FallbackStorage'</pre></td> </tr> <tr> <td>MIDDLEWARE</td> <td class="code"><pre>['django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware']</pre></td> </tr> <tr> <td>MIGRATION_MODULES</td> <td class="code"><pre>{}</pre></td> </tr> <tr> <td>MONTH_DAY_FORMAT</td> <td class="code"><pre>'F j'</pre></td> </tr> <tr> <td>NUMBER_GROUPING</td> <td class="code"><pre>0</pre></td> </tr> <tr> <td>PASSWORD_HASHERS</td> <td class="code"><pre>'********************'</pre></td> </tr> <tr> <td>PASSWORD_RESET_TIMEOUT_DAYS</td> <td class="code"><pre>'********************'</pre></td> </tr> <tr> <td>PREPEND_WWW</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>ROOT_URLCONF</td> <td class="code"><pre>'vuln.urls'</pre></td> </tr> <tr> <td>SECRET_KEY</td> <td class="code"><pre>'********************'</pre></td> </tr> <tr> <td>SECURE_BROWSER_XSS_FILTER</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>SECURE_CONTENT_TYPE_NOSNIFF</td> <td class="code"><pre>True</pre></td> </tr> <tr> <td>SECURE_HSTS_INCLUDE_SUBDOMAINS</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>SECURE_HSTS_PRELOAD</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>SECURE_HSTS_SECONDS</td> <td class="code"><pre>0</pre></td> </tr> <tr> <td>SECURE_PROXY_SSL_HEADER</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>SECURE_REDIRECT_EXEMPT</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>SECURE_REFERRER_POLICY</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>SECURE_SSL_HOST</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>SECURE_SSL_REDIRECT</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>SERVER_EMAIL</td> <td class="code"><pre>'root@localhost'</pre></td> </tr> <tr> <td>SESSION_CACHE_ALIAS</td> <td class="code"><pre>'default'</pre></td> </tr> <tr> <td>SESSION_COOKIE_AGE</td> <td class="code"><pre>1209600</pre></td> </tr> <tr> <td>SESSION_COOKIE_DOMAIN</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>SESSION_COOKIE_HTTPONLY</td> <td class="code"><pre>True</pre></td> </tr> <tr> <td>SESSION_COOKIE_NAME</td> <td class="code"><pre>'sessionid'</pre></td> </tr> <tr> <td>SESSION_COOKIE_PATH</td> <td class="code"><pre>'/'</pre></td> </tr> <tr> <td>SESSION_COOKIE_SAMESITE</td> <td class="code"><pre>'Lax'</pre></td> </tr> <tr> <td>SESSION_COOKIE_SECURE</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>SESSION_ENGINE</td> <td class="code"><pre>'django.contrib.sessions.backends.db'</pre></td> </tr> <tr> <td>SESSION_EXPIRE_AT_BROWSER_CLOSE</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>SESSION_FILE_PATH</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>SESSION_SAVE_EVERY_REQUEST</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>SESSION_SERIALIZER</td> <td class="code"><pre>'django.contrib.sessions.serializers.JSONSerializer'</pre></td> </tr> <tr> <td>SETTINGS_MODULE</td> <td class="code"><pre>'vuln.settings'</pre></td> </tr> <tr> <td>SHORT_DATETIME_FORMAT</td> <td class="code"><pre>'m/d/Y P'</pre></td> </tr> <tr> <td>SHORT_DATE_FORMAT</td> <td class="code"><pre>'m/d/Y'</pre></td> </tr> <tr> <td>SIGNING_BACKEND</td> <td class="code"><pre>'django.core.signing.TimestampSigner'</pre></td> </tr> <tr> <td>SILENCED_SYSTEM_CHECKS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>STATICFILES_DIRS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>STATICFILES_FINDERS</td> <td class="code"><pre>['django.contrib.staticfiles.finders.FileSystemFinder', 'django.contrib.staticfiles.finders.AppDirectoriesFinder']</pre></td> </tr> <tr> <td>STATICFILES_STORAGE</td> <td class="code"><pre>'django.contrib.staticfiles.storage.StaticFilesStorage'</pre></td> </tr> <tr> <td>STATIC_ROOT</td> <td class="code"><pre>None</pre></td> </tr> <tr> <td>STATIC_URL</td> <td class="code"><pre>'/static/'</pre></td> </tr> <tr> <td>TEMPLATES</td> <td class="code"><pre>[{'APP_DIRS': True, 'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [], 'OPTIONS': {'context_processors': ['django.template.context_processors.debug', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages']}}]</pre></td> </tr> <tr> <td>TEST_NON_SERIALIZED_APPS</td> <td class="code"><pre>[]</pre></td> </tr> <tr> <td>TEST_RUNNER</td> <td class="code"><pre>'django.test.runner.DiscoverRunner'</pre></td> </tr> <tr> <td>THOUSAND_SEPARATOR</td> <td class="code"><pre>','</pre></td> </tr> <tr> <td>TIME_FORMAT</td> <td class="code"><pre>'P'</pre></td> </tr> <tr> <td>TIME_INPUT_FORMATS</td> <td class="code"><pre>['%H:%M:%S', '%H:%M:%S.%f', '%H:%M']</pre></td> </tr> <tr> <td>TIME_ZONE</td> <td class="code"><pre>'UTC'</pre></td> </tr> <tr> <td>USE_I18N</td> <td class="code"><pre>True</pre></td> </tr> <tr> <td>USE_L10N</td> <td class="code"><pre>True</pre></td> </tr> <tr> <td>USE_THOUSAND_SEPARATOR</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>USE_TZ</td> <td class="code"><pre>True</pre></td> </tr> <tr> <td>USE_X_FORWARDED_HOST</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>USE_X_FORWARDED_PORT</td> <td class="code"><pre>False</pre></td> </tr> <tr> <td>WSGI_APPLICATION</td> <td class="code"><pre>'vuln.wsgi.application'</pre></td> </tr> <tr> <td>X_FRAME_OPTIONS</td> <td class="code"><pre>'DENY'</pre></td> </tr> <tr> <td>YEAR_MONTH_FORMAT</td> <td class="code"><pre>'F Y'</pre></td> </tr> </tbody> </table> </div> <div id="explanation"> <p> You're seeing this error because you have <code>DEBUG = True</code> in your Django settings file. Change that to <code>False</code>, and Django will display a standard page generated by the handler for this status code. </p> </div> </body> </html>
最新发布
12-01
You may need to add '192.168.20.128' to ALLOWED_HOSTS.` --- ### 错误原因 Django 默认会检查 HTTP 请求头中的 `Host` 字段是否在 `ALLOWED_HOSTS` 白名单中。 虽然你在 URL 中写了 IP 地址,但默认情况下 `...
Django|编写第一个Django程序|Writting your first Django app|Windows环境
m0_59010789的博客
07-19 1112
Django|编写第一个Django程序|Writting your first Django app|Windows环境|详细示范|多图预警
Ambari2.7.4集成Hue4.6.0
qq_21153619的博客
03-31 2363
一、前言 Hue是一个开源的Apache Hadoop UI系统,由Cloudera Desktop演化而来,最后Cloudera公司将其贡献给Apache基金会的Hadoop社区,它是基于Python Web框架Django实现的。 通过使用Hue我们可以在浏览器端的Web控制台上与Hadoop集群进行交互来分析处理数据,例如操作HDFS上的数据,运行MapReduce Job,执行Hive的SQL语句,浏览HBase数据库等等。 二、版本信息 Ambari:2.7.4 HDP:3.1.4
Invalid HTTP_HOST header: ‘172.32.11.11:8000‘. You may need to add ‘172.32.11.11‘ to ALLOWED_HOSTS
On the road
03-17 294
Invalid HTTP_HOST header: ‘172.32.11.11:8000’. You may need to add ‘172.32.11.11’ to ALLOWED_HOSTS 报错信息 Invalid HTTP_HOST header: '172.32.11.11:8000'. You may need to add '172.32.11.11' to ALLOWED_HOSTS 解决办法 修改settings.py ALLOWED_HOSTS = ['*'] 欢迎大家交流学
Invalid HTTP_HOST header: 'xxx.xxx:8000'. You may need to add 'xxx.xx' to ALLOWED_HOSTS
weixin_30670925的博客
07-10 357
用python3 manage.py runserver 0.0.0.0:8000命令运行django程序后,通过浏览器访问服务器网址的8000端口,出现访问错误,报错为 Invalid HTTP_HOST header: ‘xxx.xx.xxx.xxx:8000’. You may need to add ‘xxx.xx’ to ALLOWED_HOSTS 解决办法: 修改创建项目时...
Invalid HTTP_HOST header: ‘testserver‘. You may need to add ‘testserver‘ to ALLOWED_HOSTS
weixin_47973311的博客
08-26 1350
如果一个值以点号开始,则可当做一个子域名通配符:‘.example.com’会匹配’example.com’, ‘www.example.com’, 以及example.com的其它任意子域名。如果Host头(如果启用了USE_X_FORWARDED_HOST,则是X-Forwarded-Host)不匹配列表中任何一个值,那么 django.http.HttpRequest.get_host()方法会抛出SuspiciousOperation异常。Django也支持任一条目的域名全称。......
django 报错 DisallowedHost at Invalid HTTP_HOST header: ‘*.com‘. You may need to add ‘*.com‘ to ALL
Ggome的博客
09-09 416
添加信任网址到 setting.py。
django error: DisallowedHost: Invalid HTTP_HOST header: ''. You may need to add u'' to ALLOWED_HOST
weixin_34023982的博客
04-24 338
测试环境: [root@nanx-lli ~]# lsb_release -aLSB Version: :core-4.1-amd64:core-4.1-noarchDistributor ID: CentOSDescription: CentOS Linux release 7.4.1708 (Core)Release: 7.4.1708Codename: ...
Django运行访问项目出现的问题:DisallowedHost at / Invalid HTTP_HOST header
热门推荐
will5451的博客
12-24 8万+
Django运行访问项目出现的问题:DisallowedHost at / Invalid HTTP_HOST header: DisallowedHost at / Invalid HTTP_HOST header: '10.211.55.6:8000'. You may need to add u'10.211.55.6' to ALLOWED_HOSTS. Re
访问Django项目出现DisallowedHost at / Invalid HTTP_HOST header问题
weixin_30379973的博客
12-18 470
闲来无事,想玩玩django,源码安装碰到了一堆乱七八糟依赖性问题,耗费一下午的时间总算是在ubuntu14.04上搭建好了python3+django2开发环境, 心血来潮,创建了一个django项目,启动运行,好吧又碰到问题了。如下: DisallowedHost at / Invalid HTTP_HOST header: '192.168.1.156:8000'. You may...
python 解决 Invalid HTTP_HOST header
zhiboqingyun的博客
01-26 3211
一、问题描述 在启动django的服务器时,报错如下图: 二、问题分析 三、解决问题 修改创建项目时生成的setting.py文件 将ALLOWED_HOSTS = []改为ALLOWED_HOSTS = ['*'] 再次运行即可成功访问。 注意:不是把域名添加进去。 settings.py在应用名那个文件夹。 ...
解决登录Django后台管理时候系统显示:127.0.0.1 拒绝了我们的连接请求(亲测有效!)
未来社会二十年发展的核心技术趋势由ABCD四个字母组成,分别是AI(人工智能)、BlockChain(区块链)、Cloud(云)、和Data(大数据)每一次进步都有新的认知和感触
02-02 2936
今天在用Django框架帮别人做一个基于python机器学习抖音短视频推荐系统项目时候无法正常显示系统功能页面,进入Django后台显示:`127.0.0.1 拒绝了我们的连接请求`,所有工具栏点开页面都是不能正常请求,显示错误信息。把里面的`'django.middleware.clickjacking.XFrameOptionsMiddleware'`,注释或者删除即可。这段代码的作用是将Django框架的点击劫持防护中间件添加到中间件处理链中,以提高应用的安全性。
Invalid HTTP_HOST header: '10.42.47.123:8000'. You may need to add '10.42.47.123' to ALLOWED_HOSTS. [24/Nov/2025 17:33:55] "GET /ip/verify HTTP/1.1" 400 67766
11-25
这个错误信息: ``` Invalid HTTP_HOST header: '10.42.47.123:8000'. You may need to add '10.42.47.123' to ALLOWED_HOSTS. ``` 表示 Django 拒绝了来自 `HTTP_HOST` 为 `10.42.47.123:8000` 的请求,因为该主机名未被包含在 `settings.py` 的 `ALLOWED_HOSTS` 列表中。这是 Django 的一项安全机制,防止**HTTP Host 头攻击**。 --- ### ✅ 解决方法 你需要将客户端访问时使用的域名或 IP 地址添加到 `ALLOWED_HOSTS` 中。 #### 方法一:明确添加 IP(推荐用于开发环境) ```python # settings.py ALLOWED_HOSTS = [ 'localhost', '127.0.0.1', '10.42.47.123', # 添加这个 IP ] ``` > 注意:不需要加端口号(`:8000`),Django 只检查主机部分。 #### 方法二:允许所有主机(仅限开发调试!不安全) ```python ALLOWED_HOSTS = ['*'] ``` 这会接受任何 Host 请求头,方便局域网测试,但**绝对不能用于生产环境**。 #### 方法三:使用正则式匹配(高级用法) 如果你有多个类似 IP,可以动态处理(需配合自定义中间件): ```python from django.http import HttpResponseForbidden import re class AllowedHostsMiddleware: def __init__(self, get_response): self.get_response = get_response def __call__(self, request): host = request.get_host().split(':')[0] # 去掉端口 allowed_pattern = re.compile(r'^10\.42\.\d+\.\d+$') if not allowed_pattern.match(host): return HttpResponseForbidden("Host not allowed") return self.get_response(request) ``` 然后在 `MIDDLEWARE` 中注册此中间件,并保留 `ALLOWED_HOSTS` 为空或基本值。 --- ### 🔍 错误原因解释 当浏览器或其他设备访问你的 Django 服务时,HTTP 请求中包含一个 `Host` 头,例如: ``` Host: 10.42.47.123:8000 ``` Django 会提取这个 Host 并验证它是否在 `ALLOWED_HOSTS` 中。如果不在,则拒绝请求并返回 **400 Bad Request**,同时抛出上述警告。 即使你已经运行了 `runserver 0.0.0.0:8000`,允许外部连接,但 Django 应用层仍会拦截非法 Host 请求。 --- ### ✅ 完整配置示例(适用于局域网开发调试) ```python # settings.py DEBUG = True ALLOWED_HOSTS = [ 'localhost', '127.0.0.1', '10.42.47.123', # 替换为你的实际局域网/容器 IP ] # 或者快速测试: # ALLOWED_HOSTS = ['*'] ``` 启动服务: ```bash python manage.py runserver 0.0.0.0:8000 ``` 确保防火墙放行 8000 端口。 --- ### ⚠️ 安全提醒 - `ALLOWED_HOSTS = ['*']` 在生产环境中非常危险,可能导致缓存投毒、CSRF 攻击等问题。 - 生产部署时应精确设置域名,如 `example.com`, `api.example.com`。 - 使用 Nginx 反向代理时,也建议配置正确的 `X-Forwarded-Host` 和 `SECURE_PROXY_SSL_HEADER`。 ---
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值