Django's SuspiciousOperation Invalid HTTP_HOST header -

after upgrading django 1.5, started getting errors this:

traceback (most recent call last):  file "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py", line 92, in get_response response = middleware_method(request)  file "/usr/local/lib/python2.7/dist-packages/django/middleware/common.py", line 57, in process_request host = request.get_host()  file "/usr/local/lib/python2.7/dist-packages/django/http/request.py", line 72, in get_host "invalid http_host header (you may need set allowed_hosts): %s" % host)  suspiciousoperation: invalid http_host header (you may need set allowed_hosts): www.google.com  <wsgirequest path:/, get:<querydict: {}>, post:<querydict: {}>, cookies:{}, meta:{'content_length': '', 'content_type': '', 'document_root': '/etc/nginx/html', 'http_accept': 'text/html', 'http_host': 'www.google.com', 'http_proxy_connection': 'close', 'http_user_agent': 'mozilla/4.0 (compatible; msie 6.0; windows nt 5.1)', 'path_info': u'/', 'query_string': '', 'remote_addr': '210.245.91.104', 'remote_port': '49347', 'request_method': 'get', 'request_uri': '/', u'script_name': u'', 'server_name': 'www.derekkwok.net', 'server_port': '80', 'server_protocol': 'http/1.0', 'uwsgi.node': 'derekkwok', 'uwsgi.version': '1.4.4', 'wsgi.errors': <open file 'wsgi_errors', mode 'w' @ 0xb6d99c28>, 'wsgi.file_wrapper': <built-in function uwsgi_sendfile>, 'wsgi.input': <uwsgi._input object @ 0x953e698>, 'wsgi.multiprocess': true, 'wsgi.multithread': false, 'wsgi.run_once': false, 'wsgi.url_scheme': 'http', 'wsgi.version': (1, 0)}> 

i've set allowed_hosts = ['.derekkwok.net'] in settings.py file.

what going on here? pretending google , accessing site? or benign case of setting http_host header incorrectly?

if allowed_hosts set correctly, possible probing site vulnerability spoofing header.

there discussion right django developers change 500 internal server error 400 response. see this ticket.