White list internal hosts that perform health-checks
Project description
Django Allow Health-Checks
Background
Kubernetes, load-balancers and other PaaS have a concept of a health check. These are simple GET requests against an endpoint that you define which tells the orchestrator if a web worker is healthy or not. The problem is that these requests come from within the same network running your app using an non-deterministic hostname or IP address. So instead of making your allowed hosts wide open with ['*']
(to allow any requests to get by), you can simply install this package to allow these requests to occur without introducing more technical/security risks then necessary.
For example, given a kubernetes deployment with the following details:
#... other details
containers:
- name: app
image: registry.gitlab.com/username/cool-app/app
livenessProbe:
httpGet:
path: /health-check/
port: 8000
httpHeaders:
- name: X-Health
value: XYZ-123
initialDelaySeconds: 3
periodSeconds: 60
imagePullPolicy: Always
You can allow these requests to get by by simply adding this to your settings
HEALTH_CHECK_HEADER_VALUE = 'XYZ-123'
Setup
Install django-allow-healthchecks
pip3 install django-allow-healthchecks
Add the class to your middleware, ideally first in the list
MIDDLEWARE = [
'django_allow_healthchecks.middleware.ByPassForHealthChecks', # <~ Add this
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
Assign your magical header value
HEALTH_CHECK_HEADER_VALUE = 'XYZ-Health'
Notes
Python3.5+ + Django 2.2+! Get on board!!
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Hashes for django-allow-healthchecks-0.1.4.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 1a680e82341e1e449849d244b0520c825763e149ec3a94fb10ca75bf0f58cece |
|
MD5 | faf09ac0cf03848676137e40d66ccd93 |
|
BLAKE2b-256 | f330e10d6631007eccfa5f3e4e178fffa2e7e16a7d2edb696e47e75464b49db7 |