WIP: Add healthcheck ip ranges

thomasiles · thomasiles · commit 9a18dbc0aba1 · 2024-04-04T11:52:07.000+01:00
diff --git a/config/environments/production.rb b/config/environments/production.rb
@@ -82,7 +82,11 @@
   config.active_record.dump_schema_after_migration = false
 
   # Enable DNS rebinding protection and other `Host` header attacks.
-  config.hosts << /.*\.forms\.service\.gov\.uk/
+  config.hosts [
+    /.*\.forms\.service\.gov\.uk/,
+    IPAddr.new('10.10.0.0/16') # for healthchecks in ECS
+  ]
+
   # Skip DNS rebinding protection for the default health check endpoint.
   # config.host_authorization = { exclude: ->(request) { request.path == "/up" } }
 end
