mirror of
https://github.com/AdguardTeam/AdGuardHome.git
synced 2024-12-15 03:02:07 +03:00
Merge: + DNS: blocked hosts: support wildcards; use urlfilter for processing of the blocked hosts
Close #1469
Squashed commit of the following:
commit b07f408550a526726c8e38886ce0fcc1f4c3d93d
Merge: 56aa0dfc c5a39b94
Author: Simon Zolin <s.zolin@adguard.com>
Date: Fri Mar 20 14:32:21 2020 +0300
Merge remote-tracking branch 'origin/master' into 1469-wildcards
commit 56aa0dfcca8265fed35e9b92f85dc54de947cc11
Author: Simon Zolin <s.zolin@adguard.com>
Date: Thu Mar 19 12:02:17 2020 +0300
update text
commit 468bcd9ea6e57eedd96bbb4b8414d86a60abcdc3
Author: Simon Zolin <s.zolin@adguard.com>
Date: Thu Mar 19 11:51:01 2020 +0300
* access: use urlfilter for blocked hosts processing
commit 1b157d39dfb32dd74d527274e5466b1642cd6916
Author: Simon Zolin <s.zolin@adguard.com>
Date: Wed Mar 18 13:13:06 2020 +0300
minor
commit 34811eb08ab690104d29710b0e1bc9fb003a4cd4
Author: Ildar Kamalov <i.kamalov@adguard.com>
Date: Fri Mar 13 19:05:12 2020 +0300
* client: change field description
commit fe0acec1bbd0b810f00481412efcc9776022b694
Author: Simon Zolin <s.zolin@adguard.com>
Date: Fri Mar 13 16:51:17 2020 +0300
+ DNS: blocked hosts: support wildcards
This commit is contained in:
parent
c5a39b942f
commit
a5b9d1d74c
@ -946,7 +946,7 @@ Response:
|
||||
{
|
||||
allowed_clients: ["127.0.0.1", ...]
|
||||
disallowed_clients: ["127.0.0.1", ...]
|
||||
blocked_hosts: ["host.com", ...]
|
||||
blocked_hosts: ["host.com", ...] // host name or a wildcard
|
||||
}
|
||||
|
||||
|
||||
|
@ -357,7 +357,7 @@
|
||||
"access_disallowed_title": "Disallowed clients",
|
||||
"access_disallowed_desc": "A list of CIDR or IP addresses. If configured, AdGuard Home will drop requests from these IP addresses.",
|
||||
"access_blocked_title": "Blocked domains",
|
||||
"access_blocked_desc": "Don't confuse this with filters. AdGuard Home will drop DNS queries with these domains in query's question.",
|
||||
"access_blocked_desc": "Don't confuse this with filters. AdGuard Home will drop DNS queries with these domains in query's question. Here you can specify the exact domain names, wildcards and urlfilter-rules, e.g. 'example.org', '*.example.org' or '||example.org^'.",
|
||||
"access_settings_saved": "Access settings successfully saved",
|
||||
"updates_checked": "Updates successfully checked",
|
||||
"updates_version_equal": "AdGuard Home is up-to-date",
|
||||
|
@ -2,11 +2,15 @@ package dnsforward
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/http"
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
"github.com/AdguardTeam/golibs/log"
|
||||
"github.com/AdguardTeam/urlfilter"
|
||||
"github.com/AdguardTeam/urlfilter/filterlist"
|
||||
)
|
||||
|
||||
type accessCtx struct {
|
||||
@ -18,7 +22,7 @@ type accessCtx struct {
|
||||
allowedClientsIPNet []net.IPNet // CIDRs of whitelist clients
|
||||
disallowedClientsIPNet []net.IPNet // CIDRs of clients that should be blocked
|
||||
|
||||
blockedHosts map[string]bool // hosts that should be blocked
|
||||
blockedHostsEngine *urlfilter.DNSEngine // finds hosts that should be blocked
|
||||
}
|
||||
|
||||
func (a *accessCtx) Init(allowedClients, disallowedClients, blockedHosts []string) error {
|
||||
@ -32,15 +36,26 @@ func (a *accessCtx) Init(allowedClients, disallowedClients, blockedHosts []strin
|
||||
return err
|
||||
}
|
||||
|
||||
convertArrayToMap(&a.blockedHosts, blockedHosts)
|
||||
return nil
|
||||
}
|
||||
|
||||
func convertArrayToMap(dst *map[string]bool, src []string) {
|
||||
*dst = make(map[string]bool)
|
||||
for _, s := range src {
|
||||
(*dst)[s] = true
|
||||
buf := strings.Builder{}
|
||||
for _, s := range blockedHosts {
|
||||
buf.WriteString(s)
|
||||
buf.WriteString("\n")
|
||||
}
|
||||
|
||||
listArray := []filterlist.RuleList{}
|
||||
list := &filterlist.StringRuleList{
|
||||
ID: int(0),
|
||||
RulesText: buf.String(),
|
||||
IgnoreCosmetic: true,
|
||||
}
|
||||
listArray = append(listArray, list)
|
||||
rulesStorage, err := filterlist.NewRuleStorage(listArray)
|
||||
if err != nil {
|
||||
return fmt.Errorf("filterlist.NewRuleStorage(): %s", err)
|
||||
}
|
||||
a.blockedHostsEngine = urlfilter.NewDNSEngine(rulesStorage)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Split array of IP or CIDR into 2 containers for fast search
|
||||
@ -107,7 +122,7 @@ func (a *accessCtx) IsBlockedIP(ip string) bool {
|
||||
// IsBlockedDomain - return TRUE if this domain should be blocked
|
||||
func (a *accessCtx) IsBlockedDomain(host string) bool {
|
||||
a.lock.Lock()
|
||||
_, ok := a.blockedHosts[host]
|
||||
_, ok := a.blockedHostsEngine.Match(host, nil)
|
||||
a.lock.Unlock()
|
||||
return ok
|
||||
}
|
||||
|
@ -796,11 +796,26 @@ func TestIsBlockedIPDisallowed(t *testing.T) {
|
||||
|
||||
func TestIsBlockedIPBlockedDomain(t *testing.T) {
|
||||
a := &accessCtx{}
|
||||
assert.True(t, a.Init(nil, nil, []string{"host1", "host2"}) == nil)
|
||||
assert.True(t, a.Init(nil, nil, []string{"host1",
|
||||
"host2",
|
||||
"*.host.com",
|
||||
"||host3.com^",
|
||||
}) == nil)
|
||||
|
||||
// match by "host2.com"
|
||||
assert.True(t, a.IsBlockedDomain("host1"))
|
||||
assert.True(t, a.IsBlockedDomain("host2"))
|
||||
assert.True(t, !a.IsBlockedDomain("host3"))
|
||||
|
||||
// match by wildcard "*.host.com"
|
||||
assert.True(t, !a.IsBlockedDomain("host.com"))
|
||||
assert.True(t, a.IsBlockedDomain("asdf.host.com"))
|
||||
assert.True(t, a.IsBlockedDomain("qwer.asdf.host.com"))
|
||||
assert.True(t, !a.IsBlockedDomain("asdf.zhost.com"))
|
||||
|
||||
// match by wildcard "||host3.com^"
|
||||
assert.True(t, a.IsBlockedDomain("host3.com"))
|
||||
assert.True(t, a.IsBlockedDomain("asdf.host3.com"))
|
||||
}
|
||||
|
||||
func TestValidateUpstream(t *testing.T) {
|
||||
|
Loading…
Reference in New Issue
Block a user