I am using Django 1.5, and I am aware of the security issue requiring the ALLOWED_HOSTS argument to include the host. The site is hosted on webfaction.
When I set my production site to DEBUG = False, I get 500 errors for every page. The error I get is:
SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): www.mydomain.org
But in settings.py, I have the following:
ALLOWED_HOSTS = ['.mydomain.org']
This is making me crazy. Any ideas?
Edit: This does not seem to be related to header spoofing as in this post. My settings match the allowed host that appears in the error message.
Update with solution: I am embarrassed to say that I had a second ALLOWED_HOSTS = [ ] declaration later in my settings.py file. This was overriding my previous declaration and causing the problem.
Maybe you just have to put your domain formatted with a full domain name like :
ALLOWED_HOSTS = ['www.mydomain.org']
This worked for me (no more 500 errors)
make sure you access your prod application via www.mydomain.org