Tag: Disallowedhost
Problems where incoming requests are blocked due to disallowed Host header settings
| ID | Title | Description | Category | Technology | Tags |
|---|---|---|---|---|---|
| CRE-2025-0031 Medium Impact: 5/10 Mitigation: 5/10 | Django returns DisallowedHost error for untrusted HTTP_HOST headers | Django applications may return a "DisallowedHost" error when receiving requests with an unrecognized or missing Host header. This typically occurs in production environments where reverse proxies, load balancers, or external clients send requests using an unexpected domain or IP address. Django blocks these requests unless the domain is explicitly listed in `ALLOWED_HOSTS`. | Framework Problems | django | DjangoDisallowedhostConfigurationWebSecurityHost HeaderPublic |