Forums

Unable to resolve "ALLOWED_HOSTS" error.

I've added 'monty_singh.pythonanywhere.com' inside ALLOWED_HOSTS list but I am still getting this error.

2013-07-22 14:10:17,145 :Internal Server Error: /favicon.ico
 Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py", line 89, in get_response
    response = middleware_method(request)
  File "/usr/local/lib/python2.7/dist-packages/django/middleware/common.py", line 55, in process_request
    host = request.get_host()
  File "/usr/local/lib/python2.7/dist-packages/django/http/__init__.py", line 179, in get_host
    "Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): %s" % host)
SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): monty_singh.pythonanywhere.com

Any idea how to fix this?

deleted-user-21425 | 3 posts | July 22, 2013, 7:14 p.m. | permalink

Have you tried setting it to the accept all hosts ['*']. Obviously I wouldn't recommend this as a long term solution but this would at least tell you if the changes you are making to your settings are actually having some effect. Is it possible that you are defining ALLOWED_HOSTS twice?

Staff hansel | 459 posts | PythonAnywhere staff | July 23, 2013, 11:29 a.m. | permalink

['*'] is also not working, I am still getting the same error. I checked the settings.py file, ALLOWED_HOSTS is defined only once.

deleted-user-21425 | 3 posts | July 23, 2013, 2:28 p.m. | permalink

Hi monty,

Okay, it looks like Django refuses to validate a hostname that contains underscores. You'll either have to create a new PythonAnywhere account with a different username (try a hyphen "-") or use a different web framework.

Staff hansel | 459 posts | PythonAnywhere staff | July 23, 2013, 3:34 p.m. | permalink

To be fair, hostnames with underscores are not valid according to the RFCs. Of course, this only applies to hostnames - other DNS records can freely contain underscores, or indeed more or less any other character.

Given that usernames are always used as hostnames on PA (at least for free accounts) I wonder if it's worth barring underscores from names, or possibly transforming the username to a canonical version without underscores for the hostname (although you'd need to check for username conflicts based on the canonicalised version, of course). Although underscores will often work most of the time, they can lead to odd problems later - ignoring this Django issue, I believe IE9 has problems setting cookies on URLs including a hostname which isn't RFC-compliant.

deleted-user-39880 | 669 posts | July 23, 2013, 4:36 p.m. | permalink

Thanks @hansel, problem solved thanks to one of the pythonanywhere employee(or may be that was you).

How to resolve SuspiciousOperation: Invalid HTTP_HOST header error?

deleted-user-21425 | 3 posts | July 23, 2013, 5:35 p.m. | permalink

Just a correction here -- we actually disabled creation of accounts with underscores in the name sometime last summer for this reason. Looks like you (@monty_singh) signed up before we did that.

Staff giles | 12095 posts | PythonAnywhere staff | July 24, 2013, 10:47 a.m. | permalink

change ALLOWED_HOSTS = ('*') in setting.py

deleted-user-2753488 | 1 post | Aug. 22, 2017, 12:38 p.m. | permalink

That's not ideal; firstly, setting it as you describe is incorrect because it would set ALLOWED_HOSTS to the string "*", because the brackets would just be treated as parentheses instead of creating a tuple. To create a tuple you'd do this (note the extra comma):

ALLOWED_HOSTS = ('*',)

...or you could create a list like this:

ALLOWED_HOSTS = ['*']

However, even if you used that code, it's not something we'd recommend. Django's insistence that you specify a sequence of allowed hosts is a security feature and helps avoid some quite subtle problems. Setting ALLOWED_HOSTS to allow any host disables that. Much better to specify the proper hostname.

Staff giles | 12095 posts | PythonAnywhere staff | Aug. 23, 2017, 2:07 p.m. | permalink

Thanks for the above suggestions. It worked for me :)

deleted-user-3924352 | 1 post | May 21, 2018, 8:22 a.m. | permalink

Excellent! Glad we could help :-)

Staff giles | 12095 posts | PythonAnywhere staff | May 21, 2018, 11:53 a.m. | permalink

Hi. I'm having the same issue. Even though I made the changes to the settings.py file, the settings listed on the page(my web app page) is still showing ALLOWED_HOSTS as empty. I did a push and confirmed on github that the changes have been made but still I'm getting disallowedhost error and the ALLOWED_HOSTS list is empty on that page.

deleted-user-3968135 | 2 posts | May 30, 2018, 4:06 p.m. | permalink

Did you reload your web app on the Web App Configuration page after making the change?

Staff glenn | 9718 posts | PythonAnywhere staff | May 30, 2018, 5:13 p.m. | permalink

Yes, I did. Multiple times. Still the same error. It should also reflect the changes on the web app page, right, where the settings are listed?

deleted-user-3968135 | 2 posts | May 30, 2018, 5:59 p.m. | permalink

Can I take a look at your files? We can see them from our admin interface, but we always ask for permission first.

Staff giles | 12095 posts | PythonAnywhere staff | May 31, 2018, 11:01 a.m. | permalink

Has this issue been resolved? I'm trying to run a Django app and I'm facing the same issue. I've changed my ALLOWED_HOSTS as mentioned above, doesn't seem to help. My username has no underscores.

deleted-user-3999198 | 1 post | June 7, 2018, 3:30 p.m. | permalink

If ALLOWED_HOSTS is set correctly, then you won't get the error message. Make sure you've spelled everything correctly and that you've reloaded your web app since making the change.

Staff glenn | 9718 posts | PythonAnywhere staff | June 7, 2018, 4:10 p.m. | permalink

Sometimes there are two settings files this needs to be changed in... Both <PROJECTNAME>/projectname/local_settings.py and the normal settings.py...

deleted-user-6101379 | 1 post | Sept. 3, 2019, 1:14 p.m. | permalink

That would be an unusual setup -- the normal system if you have a settings.py and a local_settings.py would be to have the former import everything from the latter.

Staff giles | 12095 posts | PythonAnywhere staff | Sept. 3, 2019, 2:39 p.m. | permalink

same problem. tried adding "*" in the allowed host section but still its not working. DEBUG = True

ALLOWED_HOSTS = ['soumya23.pythonanywhere.com']

deleted-user-12704403 | 1 post | March 30, 2022, 7:15 a.m. | permalink

Have you reloaded the web app after changing the settings?

Staff fjl | 4614 posts | PythonAnywhere staff | March 30, 2022, 10:32 a.m. | permalink

Helo fjl

Please taake a look at my code from your end.

Beloved premium user Victor9000000 | 18 posts | Nov. 25, 2022, 4:40 p.m. | permalink

Describe your issue and we'll try to help.

Staff glenn | 9718 posts | PythonAnywhere staff | Nov. 25, 2022, 6:33 p.m. | permalink

Hey, I'm also getting a DisallowedHost error, even though my settings.py folder is configured properly, and the file paths in the wsgi file are correct.

Soulninja4 | 1 post | May 28, 2023, 4:30 p.m. | permalink

Can you show the error you see at the bottom of your web app's error log?

Staff pafk | 3220 posts | PythonAnywhere staff | May 29, 2023, 8:47 a.m. | permalink