All page names need to be in English.
en da  de  fr  it  ja  km  nl  ru  zh


From TYPO3Wiki
Jump to: navigation, search
This page belongs to the Core Team (category Core Team)

notice - Contribute

If you encountered this exception, please help others by providing information about how you got this error.
Especially if you have a solution, please login and add it to this page!

You see this error, because the submitted HTTP host-header does not match the trustedHosts configuration. You may want to adjust the trusted host pattern, which is security mechanism to validate the HTTP host-header and prevent host spoofing.

Please read the security advisory »TYPO3-CORE-SA-2014-001« to understand the need for this configuration option.

The trusted host pattern may be set with the Install Tool (Backend > Install Tool > All configuration > Toggle all and find trustedHostsPattern) or by editing »/typo3conf/LocalConfiguration.php«


This is a regular expression pattern that matches all allowed hostnames (including their ports) of this TYPO3 installation, or the string "SERVER_NAME" (default). The default value SERVER_NAME checks if the HTTP Host header equals the SERVER_NAME and SERVER_PORT. This is secure in correctly configured hosting environments and does not need further configuration.

Under certain circumstances, it might be required to change the default configuration. A typical case is a hosting setup with a Load Balancer, CDN or a HA proxy.

Typical configuration examples

The following matches all hosts that end with with all corresponding subdomains:


A common setup could include the leading www. (optional):


The following matches all hosts with subdomains under and


Be aware that HTTP Host header may also contain a port. If your installation runs on a specific port, you need to explicitly allow this in your pattern. To allows only, not, you could configure:


To disable this check completely (not recommended because it is insecure) you can use ".*" as pattern:


Extension 'hosts_pattern'

Take a look at the extension 'hosts_pattern' which generates the patterns for you