I implemented something for this in the django-alive package via a middleware that will bypass the host checking:
https://github.com/lincolnloop/django-alive/#disabling-allowed_hosts-for-healthchecks https://github.com/lincolnloop/django-alive/blob/master/django_alive/middleware.py On Fri, Sep 14, 2018 at 3:18 PM Adam Johnson <m...@adamj.eu> wrote: > The snippet Matt posted is the same technique I've used for ages, albeit > using the ec2-metadata <https://github.com/adamchainz/ec2-metadata> library. I > think it's perfectly fine as-is, the Host header EC2 uses is actually > predictable as the EC2 Private IP. I don't think Django needs another > setting that disables a security feature and could be open to > misconfiguration. > > On Fri, 14 Sep 2018 at 20:29, Mattia Procopio <proma...@gmail.com> wrote: > >> What I usually do is rewriting the Host value at webserver level using >> one of the allowed when receiving healthchecks from a load balancer. This >> is not optimal and having a whitelist for some uris to allow requests >> without a valid host could make this specific thing easier >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django developers (Contributions to Django itself)" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to django-developers+unsubscr...@googlegroups.com. >> To post to this group, send email to django-developers@googlegroups.com. >> Visit this group at https://groups.google.com/group/django-developers. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/django-developers/e51aa4d8-d263-4448-ab3c-d0717035fbcb%40googlegroups.com >> . >> For more options, visit https://groups.google.com/d/optout. >> > > > -- > Adam > > -- > You received this message because you are subscribed to the Google Groups > "Django developers (Contributions to Django itself)" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-developers+unsubscr...@googlegroups.com. > To post to this group, send email to django-developers@googlegroups.com. > Visit this group at https://groups.google.com/group/django-developers. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-developers/CAMyDDM0_uL%2B7APa%3DwgvU_GZaqO8fXDJOWAFKf0jGGB1pMVs2kg%40mail.gmail.com > <https://groups.google.com/d/msgid/django-developers/CAMyDDM0_uL%2B7APa%3DwgvU_GZaqO8fXDJOWAFKf0jGGB1pMVs2kg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAAoxf4v_eJ-%3D%3Dpd-ZA42PLkmN2Gq_QNeHz_D%3DsunZZexVqdt5w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
