5👍
ALLOWED_HOSTS has been been added in the version 1.5 “to prevent an attacker from poisoning caches and password reset emails with links to malicious hosts by submitting requests with a fake HTTP Host header”
Basically you only need to add the name of domains here which will be using the project.
Example:
ALLOWED_HOSTS = ['www.my-django-project.com', 'your-username.webfaction.com', ]
# ie. not the ip-address but the actual domain name
This is used only in production (that is why it shows up only when DEBUG is set to FALSE). As it is used in production settings, thus you will need to add the above in production_settings.py and not in local_settings.py
Link to documentation: https://docs.djangoproject.com/en/1.5/ref/settings/#allowed-hosts
Source:stackexchange.com