I have a Django application deployed on AWS via ECS (Dockerized) using gunicorn and nginx. As the DEBUG=False for Django deployment I've configured a logging setting to receive logs on WARNINGs & above via mail_admins.
With a standard setup on nginx configuration (below) I started to receive tons of logs (mails) with 'BadRequest' or 'DisallowedHost' errors (most probably scanning/scraping bots) which were rejected by Django as I have set my ALLOWED_HOSTS=[my-site.com].
nginx.conf

    upstream django-backend {
        server 172.17.0.1:8000;
    }

    server {
        listen 80;

        location / {
            proxy_pass http://django-backend;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_redirect off;
        }
    }

I followed examples from the following solutions to block the traffic hitting my Django application:
Having ultimately nginx.conf updated with:

    server {
        listen 80;
        server_name "";
        return 444;
    }

    server {
        listen 80;
        server_name my-site.com;
        # Rest of configuration
    }

This worked quite well, however, I couldn't set up nginx in such a way as to allow AWS ELB to perform the Health check, and I had the following logs in AWS:
xxx.xx.xx.xx - - [26/Feb/2024:19:30:03 +0000] "GET /health HTTP/1.1" 444 0 "-" "ELB-HealthChecker/2.0" "-"
xxx.xx.xx.xx - - [26/Feb/2024:19:30:03 +0000] "GET /health HTTP/1.1" 444 0 "-" "ELB-HealthChecker/2.0" "-"
xxx.xx.xx.xx - - [26/Feb/2024:19:30:03 +0000] "GET /health HTTP/1.1" 444 0 "-" "ELB-HealthChecker/2.0" "-"
I have a Health Check set up from: by @Watt Iamsuri here
Would anyone have any suggestion on how to pass the AWS ELB Health check in this case?
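
One way to keep the catch-all while still letting the health check through, as an added example that is not part of the original post: the default server answers only the exact /health path, proxied to Django with a fixed Host header, and returns 444 for everything else. It assumes /health is served by the Django app; the upstream name and hostname are taken from the question, and the CIDR in the comments is a placeholder.

```nginx
# Added example, not the poster's configuration.
# Assumptions: upstream name and my-site.com come from the question;
# /health is answered by the Django app.

upstream django-backend {
    server 172.17.0.1:8000;
}

# Catch-all: any request whose Host is not my-site.com lands here,
# which (per the access log above) includes the ELB health check.
server {
    listen 80 default_server;
    server_name _;

    # Exact match only, so no other path on this vhost reaches Django.
    location = /health {
        # Optional (assumption): limit to the load balancer's subnets.
        # allow <VPC-CIDR-PLACEHOLDER>;
        # deny all;

        access_log off;
        proxy_pass http://django-backend;
        # Send a Host that ALLOWED_HOSTS accepts instead of the
        # health checker's own Host value.
        proxy_set_header Host my-site.com;
    }

    # Everything else: close the connection without a response.
    location / {
        return 444;
    }
}

server {
    listen 80;
    server_name my-site.com;

    location / {
        proxy_pass http://django-backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
    }
}
```

Check the file with `nginx -t` before reloading; the health check line in the access log should then show 200 instead of 444 (temporarily remove `access_log off;` to see it).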