diff --git a/internal/conf/configuration.go b/internal/conf/configuration.go
index ad4e48635..ca012fda3 100644
--- a/internal/conf/configuration.go
+++ b/internal/conf/configuration.go
@@ -569,6 +569,7 @@ func loadEnvironment(filename string) error {
 // Moving away from the existing HookConfig so we can get a fresh start.
 type HookConfiguration struct {
+ AllowedLocalHostNames []string `json:"allowed_local_names" split_words:"true"`
 MFAVerificationAttempt ExtensibilityPointConfiguration `json:"mfa_verification_attempt" split_words:"true"`
 PasswordVerificationAttempt ExtensibilityPointConfiguration `json:"password_verification_attempt" split_words:"true"`
 CustomAccessToken ExtensibilityPointConfiguration `json:"custom_access_token" split_words:"true"`
@@ -607,14 +608,23 @@ func (h *HookConfiguration) Validate() error {
 h.SendEmail,
 }
 for _, point := range points {
- if err := point.ValidateExtensibilityPoint(); err != nil {
+ if err := point.ValidateExtensibilityPoint(h.AllowedLocalHostNames); err != nil {
 return err
 }
 }
 return nil
 }
-func (e *ExtensibilityPointConfiguration) ValidateExtensibilityPoint() error {
+func isStringInSlice(checkValue string, list []string) bool {
+ for _, val := range list {
+ if val == checkValue {
+ return true
+ }
+ }
+ return false
+}
+
+func (e *ExtensibilityPointConfiguration) ValidateExtensibilityPoint(allowedHTTPHostNames []string) error {
 if e.URI == "" {
 return nil
 }
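Review bot: The new `AllowedLocalHostNames` field has no doc comment, and its tag `json:"allowed_local_names"` does not follow the field name the way every sibling field does (`MFAVerificationAttempt` ↔ `mfa_verification_attempt`), so the JSON key and the `split_words` environment key for this one field will diverge. The comment should also spell out what a non-empty list means, because the fallback in the `@@ -627` hunk only applies the built-in localhost set when the list is empty — configuring any value replaces the defaults rather than extending them, which is easy for an operator to get wrong when widening plain-http hooks beyond loopback. Suggested comment above the field: `// AllowedLocalHostNames lists the hostnames accepted for plain-http hook URIs. When set it replaces (does not extend) the default localhost set, so include "localhost" explicitly if it is still needed.` Either rename the tag to `allowed_local_host_names` or note the deliberate mismatch.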
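Review bot: `isStringInSlice` re-implements `slices.Contains` from the standard library; if the module's Go version is 1.21 or later (not visible here) the helper can be dropped and the call in the `@@ -627` hunk written as `if slices.Contains(allowedHTTPHostNames, hostname) {` with `"slices"` added to the import block. Independently, the new `allowedHTTPHostNames` parameter of `ValidateExtensibilityPoint` is undocumented; a comment on the signature should say that an empty slice selects the built-in localhost defaults and that entries are matched exactly against `u.Hostname()` (no port, no IPv6 brackets). `ValidateExtensibilityPoint`'s body continues past the end of this hunk.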
@@ -627,10 +637,13 @@ func (e *ExtensibilityPointConfiguration) ValidateExtensibilityPoint() error {
 return validatePostgresPath(u)
 case "http":
 hostname := u.Hostname()
- if hostname == "localhost" || hostname == "127.0.0.1" || hostname == "::1" || hostname == "host.docker.internal" {
+ if len(allowedHTTPHostNames) == 0 {
+ allowedHTTPHostNames = []string{"localhost", "127.0.0.1", "::1", "host.docker.internal"}
+ }
+ if isStringInSlice(hostname, allowedHTTPHostNames) {
 return validateHTTPHookSecrets(e.HTTPHookSecrets)
 }
- return fmt.Errorf("only localhost, 127.0.0.1, and ::1 are supported with http")
+ return fmt.Errorf("hostname is %q: only %s are supported with http", hostname, strings.Join(allowedHTTPHostNames, ", "))
 case "https":
 return validateHTTPHookSecrets(e.HTTPHookSecrets)
 default:
diff --git a/internal/conf/configuration_test.go b/internal/conf/configuration_test.go
index 5c1b65f6e..7f5418881 100644
--- a/internal/conf/configuration_test.go
+++ b/internal/conf/configuration_test.go
@@ -155,6 +155,14 @@ func TestHTTPHookSecretsDecode(t *testing.T) {
 }
 func TestValidateExtensibilityPointURI(t *testing.T) {
+ allowedLocalHostNames := []string{
+ "localhost",
+ "127.0.0.1",
+ "::1",
+ "host.docker.internal",
+ "kong",
+ "edge_runtime",
+ }
 cases := []struct {
 desc string
 uri string
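Review bot: The allowlist match in `isStringInSlice(hostname, allowedHTTPHostNames)` is an exact, case-sensitive string comparison, while DNS names are case-insensitive and, as far as I can tell, `url.URL.Hostname` returns the host as written in the URI; a URI of `http://Kong:8000/...` is therefore rejected against an entry `kong`, and an operator entry written with capitals never matches anything. The failure is on the safe side (reject), so this is robustness rather than a hole, but it will surface as a confusing config error. Normalising once where the hostname is read, `hostname := strings.ToLower(u.Hostname())` (`strings` is already used in this hunk), and documenting that list entries are expected in lowercase without port or IPv6 brackets would make the behaviour predictable; the improved error message that echoes the effective list is a good addition. The enclosing `switch` and function continue outside the hunk.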
@@ -167,6 +175,8 @@ func TestValidateExtensibilityPointURI(t *testing.T) {
 {desc: "Another Valid URI", uri: "pg-functions://postgres/user_management/add_user", expectError: false},
 {desc: "Another Valid URI", uri: "pg-functions://postgres/MySpeCial/FUNCTION_THAT_YELLS_AT_YOU", expectError: false},
 {desc: "Valid HTTP URI", uri: "http://localhost/functions/v1/custom-sms-sender", expectError: false},
+ {desc: "Valid localhost URI with kong alias", uri: "http://kong:8000/functions/v1/custom-sms-sender", expectError: false},
+ {desc: "Valid localhost URI with edge_runtime", uri: "http://edge_runtime:54321/functions/v1/custom-sms-sender", expectError: false},
 // Negative test cases
 {desc: "Invalid HTTP URI", uri: "http://asdfgggg.website.co/functions/v1/custom-sms-sender", expectError: true},
@@ -178,7 +188,7 @@ func TestValidateExtensibilityPointURI(t *testing.T) {
 for _, tc := range cases {
 ep := ExtensibilityPointConfiguration{URI: tc.uri}
- err := ep.ValidateExtensibilityPoint()
+ err := ep.ValidateExtensibilityPoint(allowedLocalHostNames)
 if tc.expectError {
 require.Error(t, err)
 } else {
@@ -204,8 +214,9 @@ func TestValidateExtensibilityPointSecrets(t *testing.T) {
 {desc: "Invalid Symmetric Secret", secret: []string{"tommy"}, expectError: true},
 }
 for _, tc := range cases {
+ allowedLocalHostNames := []string{}
 ep := ExtensibilityPointConfiguration{URI: validHTTPSURI, HTTPHookSecrets: tc.secret}
- err := ep.ValidateExtensibilityPoint()
+ err := ep.ValidateExtensibilityPoint(allowedLocalHostNames)
 if tc.expectError {
 require.Error(t, err)
 } else {
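Review bot: The two added cases only show that configured aliases are accepted; nothing in the table exercises the two behaviours the configuration.go change actually introduces — that an empty list falls back to the built-in localhost set, and that a non-empty list replaces it, so `http://localhost/...` must now fail when the configured list lacks `localhost`. Because the fixture is shared across the whole table, those need separate calls rather than table rows, e.g. `require.Error(t, (&ExtensibilityPointConfiguration{URI: "http://localhost/functions/v1/x"}).ValidateExtensibilityPoint([]string{"kong"}))` and `require.NoError(t, (&ExtensibilityPointConfiguration{URI: "http://localhost/functions/v1/x"}).ValidateExtensibilityPoint(nil))`. The replacement case is the one worth pinning, since it is the behaviour most likely to be changed by accident later. `TestValidateExtensibilityPointURI` extends beyond this hunk.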
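Review bot: In the `@@ -204` hunk, `allowedLocalHostNames := []string{}` is declared inside the loop on every iteration and its name suggests a configured allowlist when it is in fact the "use defaults" signal (`len == 0`). Passing `nil` directly expresses that and removes the variable: `err := ep.ValidateExtensibilityPoint(nil)`. If the explicit name is preferred, hoist the declaration above the `for` and comment it as selecting the default localhost set.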