Django gives Bad Request (400) when DEBUG = False

Each Answer to this Q is separated by one/two green lines.

I am new to django-1.6. When I run the django server with DEBUG = True, it’s running perfectly. But when I change DEBUG to False in the settings file, then the server stopped and it gives the following error on the command prompt:

CommandError: You must set settings.ALLOWED_HOSTS if DEBUG is False.

After I changed ALLOWED_HOSTS to ["",], in the browser I get the error:

Bad Request (400)

Is it possible to run Django without debug mode?

The ALLOWED_HOSTS list should contain fully qualified host names, not urls. Leave out the port and the protocol. If you are using, I would add localhost to the list too:

ALLOWED_HOSTS = ['', 'localhost']

You could also use * to match any host:


Quoting the documentation:

Values in this list can be fully qualified names (e.g. ''), in which case they will be matched against the request’s Host header exactly (case-insensitive, not including port). A value beginning with a period can be used as a subdomain wildcard: '' will match,, and any other subdomain of A value of '*' will match anything; in this case you are responsible to provide your own validation of the Host header (perhaps in a middleware; if so this middleware must be listed first in MIDDLEWARE_CLASSES).

Bold emphasis mine.

The status 400 response you get is due to a SuspiciousOperation exception being raised when your host header doesn’t match any values in that list.

I had the same problem and none of the answers resolved my problem. For resolving situations like this, it’s best to enable logging by adding the following config to temporarily.

   'version': 1,
   'disable_existing_loggers': False,
   'handlers': {
      'file': {
         'level': 'DEBUG',
         'class': 'logging.FileHandler',
         'filename': '/tmp/debug.log',
   'loggers': {
      'django': {
         'handlers': ['file'],
         'level': 'DEBUG',
         'propagate': True,

When you see the issue, it’s easier to handle than by blind debugging.

My issue was:

Invalid HTTP_HOST header: ‘pt_web:8000’. The domain name provided is not valid according to RFC 1034/1035.

I resolved it by adding proxy_set_header Host $host; to the Nginx config file and enabling port forwarding with USE_X_FORWARDED_PORT = True in the (it’s because in my case I was listening to requests on Nginx port 8080 and passing to guni on port 8000).

For me, I got this error by not setting USE_X_FORWARDED_HOST to true. From the docs:

This should only be enabled if a proxy which sets this header is in use.

My hosting service wrote explicitly in their documentation that this setting must be used, and I get this 400 error if I forget it.

I had the same problem and I fixed it by setting ALLOWED_HOSTS = ['*'] and to solve the problem with the static images you have to change the virtual paths in the environment configuration like this:

Virtual Path

/static/                          /opt/python/current/app/yourpj/static/
/media/                        /opt/python/current/app/Nuevo/media/

I hope it helps you.

PD: sorry for my bad english.

in the of your project, check line 28, where is the Allows Host

ALLOWED_HOSTS = ['IP', 'servidor', ]

you must put the IP and the server you use, level local or web

ALLOWED_HOSTS = ['', 'localhost', '']



With DEBUG = False in you settings file, you also need ALLOWED_HOST list set up.
Try including ALLOWED_HOST = ['', 'localhost', '']

Otherwise you might receive a Bad Request(400) error from django.

For me as I have already xampp on and django on
and i kept trying adding hosts

ALLOWED_HOSTS = ['', 'localhost', '', '*', '']

and i got the same error or (400) bad request
enter image description here

so I change the url to used port)/project
and voila !

you have to check what is your virtual network address, for me as i use bitnami django stack 2.2.3-1 on Linux i can check which port django is using.
if you have an error ( 400 bad request ) then i guess django on different virtual network ..
good luck
enter image description here

I had to stop the apache server first.

(f.e. sudo systemctl stop httpd.service / sudo systemctl disable httpd.service).

That solved my problem besides editing the ‘‘ file

to ALLOWED_HOSTS = ['', '']

try collectstatic.
I was missing a static file after an update, hence the bad request.

Try to run your server with the --insecure flag, just like this:

python runserver --insecure

The answers/resolutions are collected from stackoverflow, are licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0 .

Leave a Reply

Your email address will not be published.