diff --git a/docs/configuration/optional-settings.md b/docs/configuration/optional-settings.md index 617878fbb..3c4392915 100644 --- a/docs/configuration/optional-settings.md +++ b/docs/configuration/optional-settings.md @@ -86,7 +86,12 @@ CORS_ORIGIN_WHITELIST = [ Default: False -This setting enables debugging. This should be done only during development or troubleshooting. Never enable debugging on a production system, as it can expose sensitive data to unauthenticated users. +This setting enables debugging. This should be done only during development or troubleshooting. Note that only clients +which access NetBox from a recognized [internal IP address](#internal_ips) will see debugging tools in the user +interface. + +!!! warning + Never enable debugging on a production system, as it can expose sensitive data to unauthenticated users. --- @@ -184,6 +189,16 @@ HTTP_PROXIES = { --- +## INTERNAL_IPS + +Default: `('127.0.0.1', '::1',)` + +A list of IP addresses recognized as internal to the system, used to control the display of debugging output. For +example, the debugging toolbar will be viewable only when a client is accessing NetBox from one of the listed IP +addresses (and [`DEBUG`](#debug) is true). + +--- + ## LOGGING By default, all messages of INFO severity or higher will be logged to the console. Additionally, if `DEBUG` is False and email access has been configured, ERROR and CRITICAL messages will be emailed to the users defined in `ADMINS`. diff --git a/docs/release-notes/version-2.8.md b/docs/release-notes/version-2.8.md index d761020ad..f28f8af7d 100644 --- a/docs/release-notes/version-2.8.md +++ b/docs/release-notes/version-2.8.md @@ -6,6 +6,7 @@ ### Enhancements +* [#4650](https://github.com/netbox-community/netbox/issues/4650) - Expose `INTERNAL_IPS` configuration parameter * [#4651](https://github.com/netbox-community/netbox/issues/4651) - Add `csrf_token` context for plugin templates * [#4652](https://github.com/netbox-community/netbox/issues/4652) - Add permissions context for plugin templates * [#4665](https://github.com/netbox-community/netbox/issues/4665) - Add NEMA L14 and L21 power port/outlet types diff --git a/netbox/netbox/configuration.example.py b/netbox/netbox/configuration.example.py index a020c4322..941cbcd88 100644 --- a/netbox/netbox/configuration.example.py +++ b/netbox/netbox/configuration.example.py @@ -132,6 +132,10 @@ EXEMPT_VIEW_PERMISSIONS = [ # 'https': 'http://10.10.1.10:1080', # } +# IP addresses recognized as internal to the system. The debugging toolbar will be available only to clients accessing +# NetBox from an internal IP. +INTERNAL_IPS = ('127.0.0.1', '::1') + # Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs: # https://docs.djangoproject.com/en/stable/topics/logging/ LOGGING = {} diff --git a/netbox/netbox/settings.py b/netbox/netbox/settings.py index 56fd9bb0f..b1978d749 100644 --- a/netbox/netbox/settings.py +++ b/netbox/netbox/settings.py @@ -78,6 +78,7 @@ EMAIL = getattr(configuration, 'EMAIL', {}) ENFORCE_GLOBAL_UNIQUE = getattr(configuration, 'ENFORCE_GLOBAL_UNIQUE', False) EXEMPT_VIEW_PERMISSIONS = getattr(configuration, 'EXEMPT_VIEW_PERMISSIONS', []) HTTP_PROXIES = getattr(configuration, 'HTTP_PROXIES', None) +INTERNAL_IPS = getattr(configuration, 'INTERNAL_IPS', ('127.0.0.1', '::1')) LOGGING = getattr(configuration, 'LOGGING', {}) LOGIN_REQUIRED = getattr(configuration, 'LOGIN_REQUIRED', False) LOGIN_TIMEOUT = getattr(configuration, 'LOGIN_TIMEOUT', None) @@ -615,15 +616,6 @@ RQ_QUEUES = { 'check_releases': RQ_PARAMS, } -# -# Django debug toolbar -# - -INTERNAL_IPS = ( - '127.0.0.1', - '::1', -) - # # NetBox internal settings