Why is Django throwing error “DisallowedHost at /”?

Question

I am setting up my own Django server using this Digital Ocean tutorial. I created the Django framework following each step, and ran the server using this command:

Answer 1

For development, you can use the * wildcard to allow all hosts in settings.py:

ALLOWED_HOSTS = ['*']

Important

Modify this configuration when you deploy your app in production environment.

Answer 2

For Run Django Project on localhost with free hosting by "ngrok"

run ngrok http 8000

(before run this in your project make sure your project are required to run on localhost like- python manage.py runserver)

http://563ae936.ngrok.io -> http://localhost:8000

Edit Setting.py

ALLOWED_HOSTS = ['563ae936.ngrok.io', 'localhost', '127.0.0.1', 'testserver']

Here "563ae936.ngrok.io" Replace your Host name with removing http:// or https://

Answer 3

Include both ('www.name.com', 'ip.ip.ip.ip') Set Debug = True, then retry the IP & URL Address.

Go to the Traceback section, find the message [ raise DisallowedHost(msg) ] click -> ▼ Local vars

It will show the incoming domain name and the settings for allowed hosts:

*Variable       Value
*allowed_hosts  ['ip.ip.ip.ip', 'name.com']
*domain          'something.com'
*

Copy the incoming value into your settings.py. If the you see old settings restart the server\nginx

Answer 4

In your settings.py, there is a list called ALLOWED_HOSTS. You need to add the IP address you see in the error to that list:

ALLOWED_HOSTS = ['XX.XX.XX.XX']

Note: only add the IP address, and not the port (e.g., 127.0.0.1 and not 127.0.0.1:8000)

Explanation:

Django checks the Host header of the HTTP request for a url/ip address that is within the allowed hosts.

From the django website:

This is a security measure to prevent HTTP Host header attacks, which are possible even under many seemingly-safe web server configurations.

https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts

Answer 5

Go to setting.py

ALLOWED_HOSTS = ['*']