WIP: Add healthcheck ip ranges

alphagov · Apr 4, 2024 · 9a18dbc · 9a18dbc
1 parent 9f4957d
commit 9a18dbc
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/config/environments/production.rb b/config/environments/production.rb
@@ -82,7 +82,11 @@
   config.active_record.dump_schema_after_migration = false
 
   # Enable DNS rebinding protection and other `Host` header attacks.
-  config.hosts << /.*\.forms\.service\.gov\.uk/
+  config.hosts [
+    /.*\.forms\.service\.gov\.uk/,
+    IPAddr.new('10.10.0.0/16') # for healthchecks in ECS
+  ]
+
   # Skip DNS rebinding protection for the default health check endpoint.
   # config.host_authorization = { exclude: ->(request) { request.path == "/up" } }
 end