diff --git a/HISTORY.rst b/HISTORY.rst
index a21f143bc1..0fd4a55894 100644
--- a/HISTORY.rst
+++ b/HISTORY.rst
@@ -151,6 +151,7 @@
 - Add the option to enable or disable parsing when uploading a document for each document type.
 - Add a new setting option to enable automatic parsing for each new document type created.
 - Add support for HTML bodies to the user mailers.
+- Production ALLOWED_HOSTS settings now defaults to a safer ['127.0.0.1', 'localhost', '[::1]']
 
 2.7.3 (2017-09-11)
 ==================
diff --git a/docs/releases/3.0.rst b/docs/releases/3.0.rst
index 3a43b5f8e2..00deb74a98 100644
--- a/docs/releases/3.0.rst
+++ b/docs/releases/3.0.rst
@@ -470,6 +470,7 @@ Other changes worth mentioning
 - Add the option to enable or disable parsing when uploading a document for each document type.
 - Add a new setting option to enable automatic parsing for each new document type created.
 - Add support for HTML bodies to the user mailers.
+- Production ALLOWED_HOSTS settings now defaults to a safer ['127.0.0.1', 'localhost', '[::1]']
 
 Removals
 --------
diff --git a/mayan/settings/production.py b/mayan/settings/production.py
index 908b6704e3..cddc7a122e 100644
--- a/mayan/settings/production.py
+++ b/mayan/settings/production.py
@@ -4,7 +4,7 @@ from . import *  # NOQA
 
 # Update this accordingly;
 # https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
-ALLOWED_HOSTS = ['*']
+ALLOWED_HOSTS = ['127.0.0.1', 'localhost', '[::1]']
 
 TEMPLATES[0]['OPTIONS']['loaders'] = (
     (