信任主机设置 未启用 settings.php 中的 trusted_host_patterns 设置未配置

settings.php 中的 trusted_host_patterns 设置未配置。这可能导致安全漏洞。强烈建议您配置此项。更多详情请参见 防止 HTTP HOST 头攻击。

/sites/default/ 找到 settings.php,并打开找到

 * For example:
 * @code
 * $settings['trusted_host_patterns'] = array(
 *   '^www\.example\.com$',
 * );

在备注(/*  */)范围外去掉 *改为你的域名

本地测速改为

$settings['trusted_host_patterns'] = [
  '^localhost$',
];

 

MAMP possible exception

About local development, MAMP (3.5.2) '^localhost$' setting give the error message "The provided host name is not valid for this server" and doesn't load the site. Found a solution changing it with site name without port number. In my test site "drupal8":

$settings['trusted_host_patterns'] = [
  '^drupal8$',
];

made Trusted Host active.

NOTE: On MAMP 4.2 '^localhost$' works just fine.

Trusted host security setting in Drupal 8.4.0 and PHP 7.1.8 for XAMP

To enable the trusted host mechanism, we need to enable our allowable hosts
 in $settings['trusted_host_patterns'].

Open the "settings.php" file and update the below code to Enable the Trusted host setting:

$settings['trusted_host_patterns'] = array(
'^localhost$',                              
'^192\.168\.00\.52$',
'^127\.0\.0\.1$',
);

Here,

  • '^localhost$',   : This will allow the site to only run from localhost.
  • '^192\.168\.00\.52$', : This will allow the site to only run from system IP (different system has different IP).
  • '^127\.0\.0\.1$', : This will allow the site to only run from 127.0.0.1 instead of localhost.

Note : If someone running multisite, then in that case just specify all of the host patterns that are allowed by the site.

笔记分类