[1.9.x] Fixed #26419 -- Added a link in ALLOWED_HOSTS docs.

Backport of f8b31dfdfc0cf6a516bcbc10c4e2f696ce3a9bda from master
author: Joshua Pereyda <jtpereyda@users.noreply.github.com> 2016-03-29 10:37:28 -0700
committer: Tim Graham <timograham@gmail.com> 2016-04-04 11:08:38 -0400
commit: f8b88f6a6bbfec210c2a87b75d2837cbe57f8e42 (patch)
tree: a01f14bf6260e41d18b6a4837d35b01b6ce30fc0 /docs/ref
parent: dd1ab1499077dcf176b01ae466c262d63fe1d34e (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt
index 43262a0d6e..4770bcea90 100644
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -65,9 +65,8 @@ See :doc:`/howto/error-reporting` for more information.
 Default: ``[]`` (Empty list)
 
 A list of strings representing the host/domain names that this Django site can
-serve. This is a security measure to prevent an attacker from poisoning caches
-and triggering password reset emails with links to malicious hosts by submitting
-requests with a fake HTTP ``Host`` header, which is possible even under many
+serve. This is a security measure to prevent :ref:`HTTP Host header attacks
+<host-headers-virtual-hosting>`, which are possible even under many
 seemingly-safe web server configurations.
 
 Values in this list can be fully qualified names (e.g. ``'www.example.com'``),
author	Joshua Pereyda <jtpereyda@users.noreply.github.com>	2016-03-29 10:37:28 -0700
committer	Tim Graham <timograham@gmail.com>	2016-04-04 11:08:38 -0400
commit	f8b88f6a6bbfec210c2a87b75d2837cbe57f8e42 (patch)
tree	a01f14bf6260e41d18b6a4837d35b01b6ce30fc0 /docs/ref
parent	dd1ab1499077dcf176b01ae466c262d63fe1d34e (diff)