I have just installed Elgg 4.3.8 (Stable Release - April 4, 2023). Installation went fine, and was able to login, but for some reason when I logout and return to the site, I get Bad request - Error - The request contains an invalid HOST header. I have tried Elgg 3.3.25, but no such issue. Could someone point out what could this error be. BTW, when I click on the Top Left Site name, the error disappears. Site address is https://www.myhotfb.com
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by Raül Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
- Jerome Bakker@jeabakker

Jerome Bakker - 1 like
- MyHoTFB.COM ®@myHoTFB

MyHoTFB.COM ® - 0 likes
- Robert Cooper@offternet

Robert Cooper - 0 likes
You must log in to post replies.This error occurs when the host in your /elgg-config/settings.php is different from the host in PHP.
This is done to help prevent malicious link generation.
https://github.com/Elgg/Elgg/blob/b7b6827e6aa3374670414bb9838d4d39e9a9fd4a/engine/classes/Elgg/Http/Request.php#L466-L478
@Jerome Bakker, thanks for the detailed insight.
I found the solution to it by properly defining the SSL/https rewrite request in .htaccess as bellow:
#First redirect all Http request to https
#Ensure that we exclude any sub-domains
RewriteCond %{HTTP_HOST} ^(www\.)?myhotfb.com$ [NC]
RewriteCond %{HTTPS} off
RewriteRule ^ https://www.myhotfb.com%{REQUEST_URI} [NC,L,R]
#Secondly redirect all non-www to www
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [NC,L,R]
I use Godaddy.com linux hosting. To get around invalid host error when vistor use www.mycoolsite.com, I just strip out the www. in front of the user link and it solved error.
# If you must add RewriteRules to change hostname, add them directly below (above all the others)
# ## strip www from vistor's url by Robert Cooper for Elgg6 ######
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1%{REQUEST_URI} [R=301,QSA,NC,L]
# ## end strip www code ################################