HTTP Trusted Hosts for Drupal 7

Make sure your Drupal 7 site doesn't have an identity crisis!
Make sure your Drupal 7 site doesn't have an identity crisis!

Drupal 8 introduced a "Trusted Hosts" configuration value which makes sure your site is responding only when it should. Essentially, it stops people from registering their own domain names and pointing them at your site, whereupon Drupal "detects" that bad domain name as the site's default URL and serves stuff anyway. Various versions of this exploit can lead to problems ranging from people duplicating your site to steal your SEO, all the way up to on-site security vulnerabilities allowing people to gain access to your site. For Drupal 7 users, this feature is not in core but there are a variety of ways to handle the problem, depending on what type of behavior you are trying to limit.

There is a great writeup on Drupal.org that clearly outlines the issue and give you some very basic pointers on how to clean-up your situation - check it out at https://www.drupal.org/node/1992030

You can also find a nice discussion of how the Drupal 8 feature came about, and what security concerns were addressed in adopting the Symfony framework's "Trusted Hosts" functionality into Drupal, at https://www.drupal.org/node/2221699

Tags: