
Background:

Current setup is

  • Have a website hosted in AWS S3 (e.g. app.com)
  • Have an API server hosted in Elastic Beanstalk (e.g. api.com)
  • Website makes API requests to the API server

ALLOWED_HOSTS has been set in Django so that it includes

  • The Elastic Beanstalk address
  • The URL for the API

Issues:

  • The web app is working fine. However, I am seeing numerous requests to the API from random URLs (bots, exploits, etc). This is firing off hundreds of Invalid HTTP_HOST header errors. I could obviously turn off the error notification, but that does not feel right.
  • The log suggests adding a bunch of IP addresses to ALLOWED_HOSTS, most of which are the IP address of my load balancer. However, as my regular API requests are going through without problem, I doubt adding the IP address of the load balancer to ALLOWED_HOSTS is the solution either.
  • So that would leave changing the load balancer itself so that it does not direct requests to Django if they are invalid. I have found a few answers with regards to this such as

Two questions:

  • Is the above modification the correct way to handle this problem?
  • Is there a way to apply this programmatically to an Elastic Beanstalk environment?

Will appreciate any help

Thank you!

Daniel K

1 Answer


These are probably the Elastic Beanstalk health check calls. These come from an IP address.

Try adding this to settings.py:

from socket import gethostname, gethostbyname  # For AWS Healthchecker
HOST_NAME = gethostname()
HOST_IP = gethostbyname(HOST_NAME)
ALLOWED_HOSTS = [
    ...
    HOST_NAME, HOST_IP,
    ...
]
HenryM
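
To check whether the rejected requests are health checks from inside the VPC or outside traffic carrying a foreign Host header, the error log can be bucketed by the rejected Host value. This is an added example, not part of the question or the answer; the log lines are constructed, and the function names and the treatment of RFC 1918 addresses as load balancer or health check traffic are assumptions of the example.

```python
import ipaddress
import re
from collections import Counter

# Django's DisallowedHost message; the rejected Host value sits in the quotes.
INVALID_HOST = re.compile(r"Invalid HTTP_HOST header: '([^']*)'")
# Assumption: RFC 1918 addresses are the VPC side (load balancer, health checks).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def strip_port(host):
    """Return the Host value without its optional :port suffix."""
    if host.startswith("["):  # bracketed IPv6 literal such as [::1]:8000
        return host[1:].split("]", 1)[0]
    return host.rsplit(":", 1)[0] if host.count(":") == 1 else host

def classify(host):
    """Label a rejected Host value as rfc1918-ip, other-ip or hostname."""
    try:
        ip = ipaddress.ip_address(strip_port(host))
    except ValueError:
        return "hostname"  # a name that is not in ALLOWED_HOSTS
    return "rfc1918-ip" if any(ip in net for net in RFC1918) else "other-ip"

def triage(lines):
    """Count rejected Host values per label; non-matching lines are skipped."""
    buckets = {}
    for line in lines:
        match = INVALID_HOST.search(line)
        if match:
            host = match.group(1)
            buckets.setdefault(classify(host), Counter())[host] += 1
    return buckets

# Constructed sample log lines (not taken from the question).
MSG = "ERROR Invalid HTTP_HOST header: '{0}'. You may need to add '{1}' to ALLOWED_HOSTS."
SAMPLE_LOG = [
    MSG.format("172.31.20.14", "172.31.20.14"),
    MSG.format("172.31.20.14", "172.31.20.14"),
    MSG.format("203.0.113.9:80", "203.0.113.9"),
    MSG.format("scanner.example", "scanner.example"),
    "INFO GET /status 200",
]

if __name__ == "__main__":
    for label, hosts in sorted(triage(SAMPLE_LOG).items()):
        print(label, dict(hosts))
```

A log dominated by rfc1918-ip entries supports the health check explanation; hostname and other-ip entries are the outside traffic that the question proposes to drop before it reaches Django.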