How to change `CONSTANCE_CONFIG` in kpi

bawa · September 11, 2021, 4:54pm

I have an issue regarding SSRF_ALLOWED_IP_ADDRESS I assume whitelisting IPs can mitigate the issue I saw in base.py I think I need to change that . but I don;t know how to change that? . im running using docker . what is the Django admin interface ? please help me

# Configuration options that superusers can modify in the Django admin
# interface. Please note that it's not as simple as moving a setting into the
# `CONSTANCE_CONFIG` dictionary: each place where the setting's value is needed
# must use `constance.config.THE_SETTING` instead of
# `django.conf.settings.THE_SETTING`
CONSTANCE_CONFIG = {
    'REGISTRATION_OPEN': (
        True,
        'Allow new users to register accounts for themselves',
    ),
    'TERMS_OF_SERVICE_URL': ('', 'URL for terms of service document'),
    'PRIVACY_POLICY_URL': ('', 'URL for privacy policy'),
    'SOURCE_CODE_URL': (
        'https://github.com/kobotoolbox/',
        'URL of source code repository. When empty, a link will not be shown '
        'in the user interface',
    ),
    'SUPPORT_EMAIL': (
        os.environ.get('KOBO_SUPPORT_EMAIL')
        or os.environ.get('DEFAULT_FROM_EMAIL', 'help@kobotoolbox.org'),
        'Email address for users to contact, e.g. when they encounter '
        'unhandled errors in the application',
    ),
    'SUPPORT_URL': (
        os.environ.get('KOBO_SUPPORT_URL', 'https://support.kobotoolbox.org/'),
        'URL for "KoBoToolbox Help Center"',
    ),
    'COMMUNITY_URL': (
        os.environ.get(
            'KOBO_COMMUNITY_URL', 'https://community.kobotoolbox.org/'
        ),
        'URL for "KoBoToolbox Community Forum"',
    ),
    'ALLOW_UNSECURED_HOOK_ENDPOINTS': (
        True,
        'Allow the use of unsecured endpoints for hooks. '
        '(e.g http://hook.example.com)',
    ),
    'HOOK_MAX_RETRIES': (
        3,
        'Number of times the system will retry to send data to remote server '
        'before giving up',
    ),
    'SSRF_ALLOWED_IP_ADDRESS': (
        '',
        'Whitelisted IP addresses to bypass SSRF protection\nOne per line',
    ),
    'SSRF_DENIED_IP_ADDRESS': (
        '',
        'Blacklisted IP addresses to bypass SSRF protection\nOne per line',
    ),
    'EXPOSE_GIT_REV': (
        False,
        'Display information about the running commit to non-superusers',
    ),
    'CELERY_WORKER_MAX_CONCURRENCY': (
        '',
        'Maximum number of asynchronous worker processes to run. When '
        'unspecified, the default is the number of CPU cores on your server, '
        'down to a minimum of 2 and up to a maximum of 6. You may override '
        'here with larger values',
        # Omit type specification because int doesn't allow an empty default
    ),
    'CELERY_WORKER_MIN_CONCURRENCY': (
        2,
        'Minimum number of asynchronous worker processes to run. If larger '
        'than the maximum, the maximum will be ignored',
        int
    ),
}```

bawa · September 12, 2021, 8:50am

In KPI admin setting you can chage this http://kf.kobo.xxx.net/admin/constance/config/

Kal_Lam · September 12, 2021, 9:21am

Thank you for sharing the solution with the entire community, @bawa! Expecting the same in the upcoming days to make this community a learning and sharing platform.