TYPO3 Exception 1396795884
Note
Below, the TYPO3 community may have provided additional information or solutions for this exception. However, these may or may not apply to your particular case. If you can provide more information, you should come back here and add your experience and solution steps to this issue once you have resolved it.
General TYPO3 troubleshooting tips can be found in the Troubleshooting section in the menu. You can also ask questions and receive support in the TYPO3 Questions category on talk.typo3.org.
To add your experience, click "Edit on GitHub" above and follow the "Edit on GitHub" workflow. Also check out our tip on Coding Style and reST.
The current host header value does not match the configured trusted hosts pattern!
Error displayed during installation of TYPO3
Usually, when installing a new TYPO3 instance, the system will detect the instance has not been configured yet and will redirect to the installer to proceed with the installation. However, depending on web server configuration, this trusted hosts pattern error may still be thrown and the redirect will not be performed. An easy way to circumvent this is to just manually add the path url typo3/ in the browser to directly reach the installer, which will take care of the trusted hosts pattern setting in one of its installer steps.
Error displayed on an existing instance
You see this error, because the submitted HTTP host-header does not match the trusted configuration. You may want to adjust the trusted host pattern, which is security mechanism to validate the HTTP host-header and prevent host spoofing.
Please read the security advisory »TYPO3-CORE-SA-2014-001« to understand the need for this configuration option.
The trusted host pattern may be set with the Install Tool (Backend > Install Tool > All configuration > Toggle all and find trustedHostsPattern) or by editing /typo3conf/.
$GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] This is a regular expression pattern that matches all allowed hostnames (including their ports) of this TYPO3 installation, or the string "SERVER_NAME" (default). The default value SERVER_ checks if the HTTP Host header equals the SERVER_ and SERVER_. This is secure in correctly configured hosting environments and does not need further configuration.
Under certain circumstances, it might be required to change the default configuration. A typical case is a hosting setup with a Load Balancer, CDN or a HA proxy.
Typical configuration examples
The following matches all hosts that end with .domain.com with all corresponding subdomains:
.*\.domain\.com A common setup could include the leading www. (optional):
(www\.)?domain\.com The following matches all hosts with subdomains under .domain.com and .otherdomain.com:
(.*\.domain|.*\.otherdomain)\.com Be aware that HTTP Host header may also contain a port. If your installation runs on a specific port, you need to explicitly allow this in your pattern. To allows only www.domain.com:88, not www.domain.com, you could configure:
www\.domain\.com:88 To disable this check completely (not recommended because it is insecure) you can use ".*" as pattern:
.* Extension 'hosts_pattern'
Take a look at the extension 'hosts_pattern' which generates the patterns for you