id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
28028	Support HTTP_HOST header: 'xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx,...'	Rafael Herrero Solís	Rafael Herrero Solís	"Using Nginx/Gunicorn to serve Django website without domain (ip) I detected that when i use 
{{{
proxy_set_header Host $host;
include proxy_params;
}}}
' the resulting header become a comma separated list like so: 'xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx' giving the following error:\\
2017-04-05 14:15:49,517 ERROR [exception] Invalid HTTP_HOST header:'xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx'. The domain name provided is not valid according to RFC 1034/1035. /home/cpc/Virtualenvs/env/lib/python2.7/site-packages/django/core/handlers/exception.py 73

Removing the  include proxy_params; directive may fix this, but it wouldn't be hard to modify 'django.http.request.validate_host' to split the hosts and check if all of them are in allowed hosts. 

I could do it my self if you consider this host header should be accepted in case all the hosts at the host header are allowed hosts, maybe even expect a settings.MULTIPLE_HOST_HEADER == True

Here is an example of the nginx site.conf that would trigger it:

{{{
server {
    listen 80;
    server_name xxx.xxx.xxx.xxx;

    location = /favicon.ico {
        access_log off; log_not_found off;
        alias /var/www/site/static/favicon.ico;
    }

    # Static root settigns
    location /static/ {
        root /var/www/static/;
    }

    # WebSocket settings
    location /notifications/ {
        rewrite  ^/(.*)  /$1 break;

        proxy_pass http://127.0.0.1:8005;
        proxy_redirect off;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection ""upgrade"";
        proxy_read_timeout 600;
    }

    # Gunicorn proxy settings
    location / {
        proxy_set_header Host $host;
        include proxy_params;
    }

    error_page 500 502 503 504 /custom_50x.html;

    location = /custom_50x.html {
                root /usr/share/nginx/html;
                internal;
    }
}
}}}
"	Bug	closed	HTTP handling	1.10	Normal	needsinfo	Multiple Host Headers		Unreviewed	0	0	0	0	0	0