notice - Contribute
You see this error, because the submitted HTTP host-header does not match the trustedHosts configuration. You may want to adjust the trusted host pattern, which is security mechanism to validate the HTTP host-header and prevent host spoofing.
Please read the security advisory »TYPO3-CORE-SA-2014-001« to understand the need for this configuration option.
The trusted host pattern may be set with the Install Tool (Backend > Install Tool > All configuration > Toggle all and find trustedHostsPattern) or by editing »/typo3conf/LocalConfiguration.php«
This is a regular expression pattern that matches all allowed hostnames (including their ports) of this TYPO3 installation, or the string "SERVER_NAME" (default). The default value SERVER_NAME checks if the HTTP Host header equals the SERVER_NAME and SERVER_PORT. This is secure in correctly configured hosting environments and does not need further configuration.
Under certain circumstances, it might be required to change the default configuration. A typical case is a hosting setup with a Load Balancer, CDN or a HA proxy.
Typical configuration examples
The following matches all hosts that end with .domain.com with all corresponding subdomains:
A common setup could include the leading www. (optional):
The following matches all hosts with subdomains under .domain.com and .otherdomain.com:
Be aware that HTTP Host header may also contain a port. If your installation runs on a specific port, you need to explicitly allow this in your pattern. To allows only www.domain.com:88, not www.domain.com, you could configure:
To disable this check completely (not recommended because it is insecure) you can use ".*" as pattern:
Take a look at the extension 'hosts_pattern' which generates the patterns for you