如何设置Django allowed_hosts?
[英]How to set Django allowed_hosts?
问题描述
Just don't understand, in Django documents and other articles, allowed_hosts is not recommended to be ['*'] for security reasons. 
只是不明白,出于安全原因,在Django文档和其他文章中,不建议将allowed_hosts设为['*']。 But a website should be open to the whole internet, what value should it be? 但是一个网站应该对整个互联网开放,它应该具有什么价值?
2 个解决方案
解决方案1
1 2019-02-03 15:04:14
It should be set to your application domain. 应该将其设置为您的应用程序域。 For example, if your domain is http://example.com then you need to set ALLOWED_HOSTS to: 例如,如果您的域名是http://example.com,则需要将ALLOWED_HOSTS设置为:
ALLOWED_HOSTS = ['example.com']
解决方案2
0 已采纳 2019-02-03 15:44:53
But a website should be open to the whole internet
ALLOWED_HOSTS in Django settings does not mean which user will be allowed to access your site. Django设置中的ALLOWED_HOSTS并不意味着将允许哪个用户访问您的网站。 It simple means on which address your site will be accessible. 这意味着您可以在哪个地址访问您的网站。 for example www.google.com is the address of google site. 例如www.google.com是Google网站的地址。 That does not mean who will be allowed to access the site (Its already public). 这并不意味着将允许谁访问该网站(该网站已经公开)。
To allow/disallow a particular user to access your site is usually done with firewall or with a proxy server like nginx . 允许/禁止特定用户访问您的网站通常是通过防火墙或代理服务器(如nginx 。
what value should it be?
It simply mentions the list of address from where your site can be accessed. 它只是提及可以访问您的站点的地址列表。 like ALLOWED_HOSTS = ['your_site.com', 'IP_ADDRESS_OF_YOUR_SITE'] for more information visit docs 像ALLOWED_HOSTS = ['your_site.com', 'IP_ADDRESS_OF_YOUR_SITE']有关更多信息,请访问文档
And for why ['*'] being dangerous and why ALLOWED_HOST was added to django please refer to this post. 以及为什么['*']是危险的,以及为什么ALLOWED_HOST被添加到django,请参阅这篇文章。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.