i have django app, using apache , mod_wsgi running on ec2 instance behind aws elb balancer. balancer maps ssl traffic (port 443) port 8080 on ec2 instance. apache has virtualhost configured on port 8080 serve django app, servername set domain name website. django runs in production mode (debug=false) , exposes, among other things, healtcheck endpoint (at /healtcheck). allowed_hosts setting set domain name website, plus private ip address of ec2 instance, in order allow load balancer hit healthcheck endpoint.
everything works fine set-up. problem keep receiving occasional bursts of e-mails django error messages similar this: error (external ip): invalid http_host header: '52.51.147.134'. may need add u'52.51.147.134' allowed_hosts. headers contain http_x_forwarded_for = '139.162.13.205'
i various ip addresses (and hostnames), belonging script kiddies, presume.
how can block traffic ever reaching django app, while still allowing valid traffic (where http_host domain name) , elb healthcheck traffic (where http_host ec2 private ip address)?
i suggest allow traffic on ec2 instance load balancer using security group , ip address of office/home if ssh'ing ec2 instance.
this stop script kiddies hitting ec2 instance directly appears happening here.
Comments
Post a Comment