--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscribe@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/48278799-baea-4943-91b0-4d1f2318c3a5%40googlegroups.com.
Sorry, I still don't understand what "whitelisting the health check path" looks like.
Here's the snippet for anyone reading the thread after the pastebin expires.
ALLOWED_HOSTS = ['ourdomain.com'] EC2_PRIVATE_IP = None try: # AWS provided magic service that returns metadata about the instance making the call EC2_PRIVATE_IP = requests.get('http://169.254.169.254/latest/meta-data/local-ipv4', timeout = 0.01).text except requests.exceptions.RequestException: pass if EC2_PRIVATE_IP: ALLOWED_HOSTS.append(EC2_PRIVATE_IP)
We would find this valuable for the reason Jonas outlined. Health checks from AWS are sent without a host header, which causes the request to fail the host check. By whitelisting the health check path, it would simplify deployments to AWS and possibly others. Here's the workaround we use in production to support AWS health checks that may help give some more context: http://dpaste.com/2BS0C5M-Matt
On Fri, Sep 14, 2018 at 10:44 AM, Tim Graham <timog...@gmail.com> wrote:
What would be the value of that setting for your use case?
On Friday, September 14, 2018 at 11:52:46 AM UTC-4, Jonas H wrote:Hi,I've started a discussion on https://code.djangoproject.com/ticket/29752 to add a new ALLOWED_HOSTS_IGNORABLE_URLS setting.The setting can become handy if you can't control the Host header sent to your application but still want to accept the request. An example of this is health checks made by AWS ECS/Fargate – google "django allowed_hosts aws" and find 16,000 results with tips how to work around the problem.I'd like to discuss the addition on this list as per Tim's triage.Jonas
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To post to this group, send email to django-d...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscribe@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/58003490-00cb-4b01-856b-a7672e3e3c13%40googlegroups.com.
-Matt
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/58003490-00cb-4b01-856b-a7672e3e3c13%40googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To post to this group, send email to django-d...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CA%2BSd1WdX0Cp2nLmGyMxhvM86jWq4G4CzDtwbM0ezsGgS-FM1tA%40mail.gmail.com.
What I usually do is rewriting the Host value at webserver level using one of the allowed when receiving healthchecks from a load balancer. This is not optimal and having a whitelist for some uris to allow requests without a valid host could make this specific thing easier
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To post to this group, send email to django-d...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/e51aa4d8-d263-4448-ab3c-d0717035fbcb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAMyDDM0_uL%2B7APa%3DwgvU_GZaqO8fXDJOWAFKf0jGGB1pMVs2kg%40mail.gmail.com.