White list internal hosts that perform health-checks
Django Allow Health-Checks
Kubernetes, load-balancers and other PaaS have a concept of a health check. These are simple GET requests against an endpoint that you define which tells the orchestrator if a web worker is healthy or not. The problem is that these requests come from within the same network running your app using an non-deterministic hostname or IP address. So instead of making your allowed hosts wide open with
['*'] (to allow any requests to get by), you can simply install this package to allow these requests to occur without introducing more technical/security risks then necessary.
For example, given a kubernetes deployment with the following details:
#... other details containers: - name: app image: registry.gitlab.com/username/cool-app/app livenessProbe: httpGet: path: /health-check/ port: 8000 httpHeaders: - name: X-Health value: XYZ-123 initialDelaySeconds: 3 periodSeconds: 60 imagePullPolicy: Always
You can allow these requests to get by by simply adding this to your settings
HEALTH_CHECK_HEADER_VALUE = 'XYZ-123'
pip3 install django-allow-healthchecks
Add the class to your middleware, ideally first in the list
MIDDLEWARE = [ 'django_allow_healthchecks.middleware.ByPassForHealthChecks', # <~ Add this 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ]
Assign your magical header value
HEALTH_CHECK_HEADER_VALUE = 'XYZ-Health'
Python3.5+ + Django 2.2+! Get on board!!
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|Filename, size||File type||Python version||Upload date||Hashes|
|Filename, size django-allow-healthchecks-0.1.4.tar.gz (5.7 kB)||File type Source||Python version None||Upload date||Hashes View hashes|
Hashes for django-allow-healthchecks-0.1.4.tar.gz