I have just installed Elgg 4.3.8 (Stable Release - April 4, 2023). Installation went fine, and was able to login, but for some reason when I logout and return to the site, I get Bad request - Error - The request contains an invalid HOST header. I have tried Elgg 3.3.25, but no such issue. Could someone point out what could this error be. BTW, when I click on the Top Left Site name, the error disappears. Site address is https://www.myhotfb.com
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by Raül Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
- Jerome Bakker@jeabakker
Jerome Bakker - 1 like
- MyHoTFB.COM ®@myHoTFB
MyHoTFB.COM ® - 0 likes
You must log in to post replies.This error occurs when the host in your /elgg-config/settings.php is different from the host in PHP.
This is done to help prevent malicious link generation.
https://github.com/Elgg/Elgg/blob/b7b6827e6aa3374670414bb9838d4d39e9a9fd4a/engine/classes/Elgg/Http/Request.php#L466-L478
@Jerome Bakker, thanks for the detailed insight.
I found the solution to it by properly defining the SSL/https rewrite request in .htaccess as bellow:
#First redirect all Http request to https
#Ensure that we exclude any sub-domains
RewriteCond %{HTTP_HOST} ^(www\.)?myhotfb.com$ [NC]
RewriteCond %{HTTPS} off
RewriteRule ^ https://www.myhotfb.com%{REQUEST_URI} [NC,L,R]
#Secondly redirect all non-www to www
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [NC,L,R]