[SOLVED] Django project: Spam bots spam all over my Sentry.io Account (Invalid HTTP

Django project: Spam bots spam all over my Sentry.io Account (Invalid HTTP_HOST header)

I have a django project running in production with gunicorn. It is connected to sentry.io for comfortable error logging.

There are a lot of spambots causing Invalid HTTP_HOST header, because they try to access it by ip, which is not allowed by django`s ALLOWED_HOSTS setting. Those Spam Bots fill up my sentry plan limits, and after a while other errors are not logged anymore.

What would be a simple and elegant solution to this? I already thought about some, but they all have caveats:

Filter out requests with wrong hosts in an earlier stage, e.g. the nginx - Good idea, but I would like to be able to configure allowed hosts in django settings
Catch Invalid HTTP_HOST header error in django and not send to sentry: Good idea, but then I do not have invalid http host header error handling at all in sentry
I would like to log one error per host and url per day or something like that - But then I have to code a custom ratelimiter, which persists infos. Seems like a complex solution

What are your thought on this. Do you have other ideas? What would be the most elegant and less comlicated solution?

Solution

You can configure Nginx to block any request that has an Invalid HTTP_HOST header

server {
    listen 80;
    server_name example.com;

    if ($http_host !~* ^(example.com|www.example.com)$ ) {
        return 444;
    }

    # rest of your Nginx configuration goes here
}

This way, you can still configure your allowed hosts in Django settings, while filtering out requests with invalid host headers at the proxy server.