Setting up allowed host is a good practice to stop hackers or attackers from entering your website . Now if you set Debug = False in development or production you must specify the host which your website must be reached with.
Assuming you have developed your site and you are ready to push it online without specify a host then you will definitely run into error. to stop this we have searched for better way you can this to stop hackers using an unkown url to access your site. Note that this won’t stop bolts from bumbing your site. rather you can integrate google recaptcha in other to stop this. Why google recaptcha? Google recaptcha will only stop bolts from entering some useless links in your site. you can reffer to this post to learn.
Steps to set up allowed host in Django
- Go to settings.py
- If you are on development leave Debug=True
- On production set Debug = False
- On development put only the domains you want the site to be accessible with[‘localhost’, ‘127.0.0.1’, ‘*’]
- On production only put the domains that you configured your host with[‘localhost’, ‘127.0.0.1’, ‘yourdomain.com’]
- [‘yourdomain.com’] if you specifically want only domain , this method is recommended for production
- The asterisk
*will make your project to be resolved in any domain, don’t add it in production
Illustration of how to set up allowed host in Django
Navigate to settings.py or wherever you configured it
Either Debug True or False
Set allowed host to one of the following methods listed below.
On production
ALLOWED_HOSTS = ['www.domain.com','domain.com']
If you will frequently update your codes later you may need to add the host that you will use for this. remember that localhost and 127.0.0.1 is the required host that you can allowed therefore you can edit your local host to include the following mentioned host.
ALLOWED_HOSTS = ['www.domain.com','domain.com','localhost','127.0.0.1']
On Development
I recommend you to use this if you’re on development and you want every host to access it, may be you guys are working in a team then any body can use any address to aceess the site
Or use this instead, this is recommended if you want to use your domain and also run your site on local computer without nework
ALLOWED_HOSTS = ['www.domain.com','domain.com','localhost','1.27.0.0.1']
How to edit your code while in production.
While deploying your code make sure you have deployed your codes on github, or any related one.
Steps on deploying your codes on github
deploy your code to github
clone it in to your host
Go to Vs Code then clone your code and then on Vs Code use SQLite3 as your database
When ever you have done changes to your codes , use git push to push it back to github
Then in your host , use git pull to update your code then adjust somethings such as the databases
When you want to push remember to change your database settings before pushing. remember if you didn’t do it your databse will be wipe out . write your database detail somewhere before pulling your code
conclusion: in the two examples above the first one was good in production, I recommend you to only add the custom domain name you have configured for the site, you can use a redirect if you have subdomains. companies like heroku, pythonanaywhere and aws won’t allow double domain name instead. in doing this your website would be access by your domain not through a foreign url.
In the second one your are to combine whatever methods you which to open your website with, you can also set it to be opened with any thing by using the ‘*’ method then when you want to go live you can limit it by adding only your custom domain.
NOTE : If you set debug = false without a host specified you will run in an error
