settings.php 中的 trusted_host_patterns 设置未配置。这可能导致安全漏洞。强烈建议您配置此项。更多详情请参见 防止 HTTP HOST 头攻击。
/sites/default/ 找到 settings.php,并打开找到
* For example:
* @code
* $settings['trusted_host_patterns'] = array(
* '^www\.example\.com$',
* );
在备注(/* */)范围外去掉 *改为你的域名
本地测速改为
$settings['trusted_host_patterns'] = [ '^localhost$', ];
MAMP possible exception
About local development, MAMP (3.5.2) '^localhost$' setting give the error message "The provided host name is not valid for this server" and doesn't load the site. Found a solution changing it with site name without port number. In my test site "drupal8":
$settings['trusted_host_patterns'] = [ '^drupal8$', ];
made Trusted Host active.
NOTE: On MAMP 4.2 '^localhost$' works just fine.
Trusted host security setting in Drupal 8.4.0 and PHP 7.1.8 for XAMP
To enable the trusted host mechanism, we need to enable our allowable hosts
in $settings['trusted_host_patterns'].
Open the "settings.php" file and update the below code to Enable the Trusted host setting:
$settings['trusted_host_patterns'] = array( '^localhost$', '^192\.168\.00\.52$', '^127\.0\.0\.1$', );
Here,
- '^localhost$', : This will allow the site to only run from localhost.
- '^192\.168\.00\.52$', : This will allow the site to only run from system IP (different system has different IP).
- '^127\.0\.0\.1$', : This will allow the site to only run from 127.0.0.1 instead of localhost.
Note : If someone running multisite, then in that case just specify all of the host patterns that are allowed by the site.