diff --git a/cms/envs/production.py b/cms/envs/production.py
index f2d7ab88e4..09b203f6dd 100644
--- a/cms/envs/production.py
+++ b/cms/envs/production.py
@@ -89,6 +89,7 @@ with codecs.open(CONFIG_FILE, encoding='utf-8') as f:
 'EVENT_BUS_PRODUCER_CONFIG',
 'DEFAULT_FILE_STORAGE',
 'STATICFILES_STORAGE',
+ 'ALLOWED_HOSTS',
 ]
 })
@@ -139,11 +140,19 @@ if STATIC_ROOT_BASE:
 DATA_DIR = path(DATA_DIR)
-ALLOWED_HOSTS = [
- # TODO: bbeggs remove this before prod, temp fix to get load testing running
- "*",
- CMS_BASE,
-]
+# Configure ALLOWED_HOSTS based on YAML configuration
+# If ALLOWED_HOSTS is explicitly set in YAML, use that; otherwise include "*" as fallback
+if 'ALLOWED_HOSTS' in _YAML_TOKENS:
+ # User has explicitly configured ALLOWED_HOSTS in YAML
+ ALLOWED_HOSTS = _YAML_TOKENS['ALLOWED_HOSTS']
+else:
+ # Default behavior: include wildcard and CMS_BASE
+ ALLOWED_HOSTS = [
+ "*",
+ ]
+
+if CMS_BASE and CMS_BASE not in ALLOWED_HOSTS:
+ ALLOWED_HOSTS.append(CMS_BASE)
 # Cache used for location mapping -- called many times with the same key/value
 # in a given request.
diff --git a/lms/envs/production.py b/lms/envs/production.py
index 0620d4f2c0..8f51250191 100644
--- a/lms/envs/production.py
+++ b/lms/envs/production.py
@@ -84,6 +84,7 @@ with codecs.open(CONFIG_FILE, encoding='utf-8') as f:
 'EVENT_BUS_PRODUCER_CONFIG',
 'DEFAULT_FILE_STORAGE',
 'STATICFILES_STORAGE',
+ 'ALLOWED_HOSTS',
 ]
 })
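Review bot: The value read from `_YAML_TOKENS['ALLOWED_HOSTS']` in the second cms hunk is used without a type check, so when CMS_BASE is set a YAML scalar or an empty key reaches `CMS_BASE not in ALLOWED_HOSTS` and `.append()` as a `str` or `None`, giving a substring test followed by an `AttributeError`, or a `TypeError`, at settings import. Checking and copying first would fail with a clear message and avoid mutating the list still held in `_YAML_TOKENS`: `if not isinstance(_YAML_TOKENS['ALLOWED_HOSTS'], (list, tuple)): raise ImproperlyConfigured('ALLOWED_HOSTS must be a list')` (assuming `ImproperlyConfigured` is imported in this module), then `ALLOWED_HOSTS = list(_YAML_TOKENS['ALLOWED_HOSTS'])`. The fallback branch still ships `"*"`, which turns off Django's Host header validation, and the removed TODO was the only marker that this was temporary; I would keep a comment such as `# SECURITY: "*" disables Host header validation; set ALLOWED_HOSTS in the YAML config for real deployments`. Both points apply equally to the matching hunk in lms/envs/production.py.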
@@ -141,10 +142,20 @@ SESSION_COOKIE_SAMESITE = DCS_SESSION_COOKIE_SAMESITE
 for feature, value in _YAML_TOKENS.get('FEATURES', {}).items():
 FEATURES[feature] = value
-ALLOWED_HOSTS = [
- "*",
- _YAML_TOKENS.get('LMS_BASE'),
-]
+# Configure ALLOWED_HOSTS based on YAML configuration
+# If ALLOWED_HOSTS is explicitly set in YAML, use that; otherwise include "*" as fallback
+if 'ALLOWED_HOSTS' in _YAML_TOKENS:
+ # User has explicitly configured ALLOWED_HOSTS in YAML
+ ALLOWED_HOSTS = _YAML_TOKENS['ALLOWED_HOSTS']
+else:
+ # Default behavior: include wildcard and LMS_BASE
+ ALLOWED_HOSTS = [
+ "*",
+ ]
+
+LMS_BASE = _YAML_TOKENS.get('LMS_BASE')
+if LMS_BASE and LMS_BASE not in ALLOWED_HOSTS:
+ ALLOWED_HOSTS.append(LMS_BASE)
 # Cache used for location mapping -- called many times with the same key/value
 # in a given request.
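Review bot: `LMS_BASE = _YAML_TOKENS.get('LMS_BASE')` binds an upper-case module-level name, so building ALLOWED_HOSTS now also creates or rebinds the LMS_BASE setting as a side effect. If LMS_BASE already has a value from an earlier default or from the YAML load (neither is visible in this hunk), it is overwritten with `None` whenever the YAML omits the key. A private name keeps the host check without touching the setting: `_lms_base = _YAML_TOKENS.get('LMS_BASE')` followed by `if _lms_base and _lms_base not in ALLOWED_HOSTS:` and `ALLOWED_HOSTS.append(_lms_base)`.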