From f8b88f6a6bbfec210c2a87b75d2837cbe57f8e42 Mon Sep 17 00:00:00 2001
From: Joshua Pereyda <jtpereyda@users.noreply.github.com>
Date: Tue, 29 Mar 2016 10:37:28 -0700
Subject: [PATCH] [1.9.x] Fixed #26419 -- Added a link in ALLOWED_HOSTS docs.

Backport of f8b31dfdfc0cf6a516bcbc10c4e2f696ce3a9bda from master
---
 docs/ref/settings.txt | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt
index 43262a0d6e..4770bcea90 100644
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -65,9 +65,8 @@ See :doc:`/howto/error-reporting` for more information.
 Default: ``[]`` (Empty list)
 
 A list of strings representing the host/domain names that this Django site can
-serve. This is a security measure to prevent an attacker from poisoning caches
-and triggering password reset emails with links to malicious hosts by submitting
-requests with a fake HTTP ``Host`` header, which is possible even under many
+serve. This is a security measure to prevent :ref:`HTTP Host header attacks
+<host-headers-virtual-hosting>`, which are possible even under many
 seemingly-safe web server configurations.
 
 Values in this list can be fully qualified names (e.g. ``'www.example.com'``),