This was already changed in https://code.djangoproject.com/ticket/19866 which is part of 1.6. It's noted under the minor features https://docs.djangoproject.com/en/1.6/releases/1.6/#minor-features
SuspiciousOperation has been differentiated into a number of subclasses, and each will log to a matching named logger under the django.security logging hierarchy. Along with this change, a handler400 mechanism and default view are used whenever a SuspiciousOperation reaches the WSGI handler to return an HttpResponseBadRequest. Best, Mark On Thursday, February 13, 2014 12:27:37 PM UTC-5, J. Cliff Dyer wrote: > > Django devs, > > I've noticed that the new ALLOWED_HOSTS causes the site > to return HTTP-500 errors whenever a user submits a request with an > HTTP_HOST header that is not allowed. This is flooding my developers' > inboxes with spurious error messages. The site is refusing the > requests as expected, but it is doing so with a *server* error, when in > fact the error is a problem with what the *clients* are doing. I'd > like to start a discussion here before I create a bug report, but I > believe this should instead be returning a 403 Forbidden response > (based on my reading of http://httpstatus.es/403), or at least > something in the 4xx (Client Error) range. This might be appropriate > for other SuspiciousOperation exceptions as well, though it's probably > worth discussing just how they are each handled. > > In short, I think 500 makes it look like there's something wrong > with the server, when in fact the response is being blocked because the > server is doing the right thing. If there's some consensus that this > would be a helpful enhancement, I'll write up a bug report and see if I > can create a patch to accompany it. Otherwise, I'll try to fix it for > my own use in a custom middleware. > > Cheers, > Cliff > -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/7344345d-691f-463a-805e-3f57ad58ad0c%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
