Kobocat crashing on invalid POST request

Hi all,

I’ve been having this issue for a few weeks now. Basically, once a spam POST request reaches Kobocat, it crashes and shows the error below in uwsgi.log, then all subsequent requests result in a 500 error.

Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/wsgi.py", line 189, in __call__
    response = self.get_response(request)
  File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py", line 209, in get_response
    response = self.get_exception_response(request, resolver, 400)
  File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py", line 90, in get_exception_response
    response = self.handle_uncaught_exception(request, resolver, sys.exc_info())
  File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py", line 268, in handle_uncaught_exception
    return callback(request, **param_dict)
  File "/usr/local/lib/python2.7/dist-packages/django/utils/decorators.py", line 106, in _wrapped_view
    result = middleware.process_view(request, view_func, args, kwargs)
  File "/usr/local/lib/python2.7/dist-packages/django/middleware/csrf.py", line 159, in process_view
    good_referer = 'https://%s/' % request.get_host()
  File "/usr/local/lib/python2.7/dist-packages/django/http/request.py", line 102, in get_host
    raise DisallowedHost(msg)
django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: '134.209.62.51'. You may need to add u'134.209.62.51' to ALLOWED_HOSTS.

One example is this spam request:

[pid: 107|app: 0|req: 281/532] 54.254.32.135 () {48 vars in 843 bytes} [Mon Nov 23 17:22:30 2020] POST //www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php => generated 0 bytes in 4 msecs (HTTP/1.1 500) 0 headers in 0 bytes (0 switches on core 0)

I’m editing the nginx config to drop those requests, but has anyone faced this before? Has anyone found a solution?

Thanks
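
The nginx approach mentioned in the post, sketched as an added example that is not part of the original post or of Kobocat's own configuration: a catch-all server block closes any connection whose Host header matches no configured name (such as the bare IP in the traceback), so the request never reaches Django's ALLOWED_HOSTS check. The hostname `kc.example.org`, the upstream `kobocat:8000` and the certificate paths are placeholders.

```nginx
# Added example. All names, paths and the upstream below are placeholders.

# Catch-all for plain HTTP: any request whose Host header matches no
# server_name in another block (bare IP, empty Host, scanner traffic)
# lands here and is dropped.
server {
    listen 80 default_server;
    server_name _;
    return 444;                 # nginx-specific: close the connection, send no response
}

# Catch-all for HTTPS: clients that connect by IP send no matching SNI,
# so the TLS handshake is refused before any request is read.
# ssl_reject_handshake requires nginx 1.19.4 or later.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;
}

# The real Kobocat vhost. server_name must list the same hostnames as
# Django's ALLOWED_HOSTS, so only requests Django would accept are proxied.
server {
    listen 80;
    listen 443 ssl;
    server_name kc.example.org;                          # placeholder hostname

    ssl_certificate     /etc/nginx/certs/kc.crt;         # placeholder path
    ssl_certificate_key /etc/nginx/certs/kc.key;         # placeholder path

    location / {
        include uwsgi_params;                            # passes the Host header as HTTP_HOST
        uwsgi_pass kobocat:8000;                         # placeholder uwsgi upstream
    }
}
```

Dropped connections appear in the nginx access log with status 444, which makes the probe traffic easy to count separately from real 500 errors.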