[Fixed]-Django ALLOWED_HOSTS with ELB HealthCheck


Here is another solution using Django Middleware.

Django’s django.middleware.common.CommonMiddleware calls request.get_host(), which validates the request with ALLOWED_HOSTS. If you simply want to check that the application is running, you can create a middleware like this.

from django.http import HttpResponse

class HealthCheckMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        if request.path == '/health':
            return HttpResponse('ok')
        return self.get_response(request)

And put your HealthCheckMiddleware in front of CommonMiddleware in settings.py


And your application will always respond to path /health with ok as long as your app is running regardless of any configurations.


Your EC2 instance can query metadata about itself, including its IP address which is available at:

You can test this by ssh-ing into your EC2 instance and running:


So, in your configuration, you can do something like:

import requests

ALLOWED_HOSTS = ['.yourdomain.com', ]
    EC2_IP = requests.get('').text
except requests.exceptions.RequestException:

Obviously you can replace requests with urllib if you don’t want the dependency.




The solution that worked for me was to simply install the django-ebhealthcheck library. After installing it, just add ebhealthcheck.apps.EBHealthCheckConfig to your INSTALLED_APPS.

From django-ebhealthcheck GitHub:

By default, Elastic Beanstalk’s health check system uses the public IP
of each load balanced instance as the request’s host header when
making a request. Unless added to ALLOWED_HOSTS, this causes Django to
return a 400 Bad Request and a failed health check.

This app dynamically adds your instance’s public IP address to
Django’s ALLOWED_HOSTS setting to permit health checks to succeed.
This happens upon application start.

Version 2.0.0 and higher supports IMDSv2. If you are using v1 and
cannot upgrade, use version 1 of this library instead (pip install


  1. pip install django-ebhealthcheck

  2. Add ebhealthcheck.apps.EBHealthCheckConfig to your INSTALLED_APPS:



To expand on the answer provided by dfrdmn:

While this answer works well in most cases, it has a couple small potential problems.

AWS ELB Network Load Balancers

First, if you are using an ELB network load balancer, this method won’t work with its HTTP health checks because the load balancer sends the IP address of the load balancer in the HTTP host header. From the AWS docs:

The HTTP host header in the health check request contains the IP address of the load balancer node and the listener port, not the IP address of the target and the health check port. If you are mapping incoming requests by host header, you must ensure that health checks match any HTTP host header. Another option is to add a separate HTTP service on a different port and configure the target group to use that port for health checks instead. Alternatively, consider using TCP health checks.

So, adding your instance (target group) IP to your ALLOWED_HOSTS will not work. As stated, you could use TCP health checks, or you could use the middleware approach described in another answer.

Metadata endpoint is throttled

Second, because the metadata endpoint limits number of concurrent connections and throttles requests, you may encounter issues in some cases.

Your Django settings.py file is executed for every process and any time processes need to restart. This is important if your webserver is configured to use multiple processes, such as when using gunicorn workers, as is commonly configured to properly take full advantage of system CPU resources.

This means that, with enough processes, your settings.py file will be executed many times, sending many concurrent requests to the metadata endpoint and your processes could fail to start. Further, on subsequent process restarts, the throttling will exacerbate the throttling problem. In some circumstances, this can cause your application to grind to a halt or have fewer processes running than intended.

To get around this, you could do a few things:

  1. Obtain the IP address before starting your server and set the IP address as an environment variable, then read the environment variable to add it to your allowed hosts.
$ gunicorn -w 10 ... myapp:app
# settings.py

ALLOWED_HOSTS = ['myhost.tld', ]

if os.getenv('ALLOWED_HOST_EC2_PRIVATE_IP'):

You may yet still encounter throttling issues with the metadata endpoint if many applications or other services utilize the instance’s metadata at the same time.

  1. For services running in containers on ECS you can use the container metadata file

You can do this safely within the settings.py because there is no throttling or rate limit for accessing this file. This also avoids your application potentially interfering with other services that need the instance’s metadata endpoint.

# settings.py
import os
import json

ALLOWED_HOSTS = ['myhost.tld', ]

    metadata_file_path = os.environ['ECS_CONTAINER_METADATA_FILE']
    with open(metadata_file_path) as f:
        metadata = json.load(f)
    private_ip = metadata["HostPrivateIPv4Address"]

You could also combine the first approach with the metadata file, in your container’s ENTRYPOINT.

#!/usr/bin/env bash
# docker-entrypoint.sh

exec "$@"
FROM myapplication
COPY docker-entrypoint.sh /docker-entrypoint.sh
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["gunicorn", "whatever"]


I like Watt Imsuri‘s answer above, and I think I’m going to use this approach in all my projects so I turned it into a pip package for Django.

pip install django-easy-health-check

Add the health check middleware to Django settings before django.middleware.common.CommonMiddleware:


By default, the health check url will be available at "example.com/healthcheck/".

You can also customize and overwrite the default settings by including the following in your project’s settings.py:

    "PATH": "/healthcheck/",

In production, you may also want to set the following Django settings:

ALLOWED_HOSTS = ["example.com"]
SECURE_REDIRECT_EXEMPT = [r'^healthcheck/$']

For more info, check out the git.


The other solution doesn’t answer the question because it doesn’t take into consideration all the various tools AWS has (ELB, etc). What we ended up doing (since we use nginx + uwsgi) is we set the header to something valid when the user sends a request.

As documented on this page:


We put our nginx configuration as below:

set $my_host $host;
if ($host ~ "\d+\.\d+\.\d+\.\d+") {
  set $my_host "example.com";

location / {
  uwsgi_pass unix:///tmp/mysite.com.sock;
  uwsgi_param HTTP_HOST $my_host;
  include uwsgi_params;

The key here is to put a valid value for $my_host as per your ALLOWED_HOSTS.

Unfortunately there is no “perfect” solution without increasing overhead. Some configurations will require you to add IP addresses all the time to the ALLOWED_HOSTS but this solution would generally work with the least over head.


Leave a comment