From fb6bc322c11aba99adf422eaf6cbfe5a43870200 Mon Sep 17 00:00:00 2001 From: Ainar Garipov Date: Mon, 2 Aug 2021 15:11:00 +0300 Subject: [PATCH] Pull request: all: do not refuse reqs from untrusted proxies Updates #2799. Squashed commit of the following: commit bc768fdd48b563017520f962480be4b2be90666a Author: Ainar Garipov Date: Mon Aug 2 15:00:10 2021 +0300 all: do not refuse reqs from untrusted proxies --- CHANGELOG.md | 5 +++-- go.mod | 2 +- go.sum | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8bccfd0d..ecec2416 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -43,8 +43,9 @@ and this project adheres to ### Changed -- Proxied DNS-over-HTTPS queries are now only accepted from proxy servers on the - `trusted_proxies` list ([#2799]). +- DNS-over-HTTPS queries that come from HTTP proxies in the `trusted_proxies` + list now use the real IP address of the client instead of the address of the + proxy ([#2799]). - Clients who are blocked by access settings now receive a `REFUSED` response when a protocol other than DNS-over-UDP and DNSCrypt is used. - `querylog_interval` setting is now formatted in hours. diff --git a/go.mod b/go.mod index 23e3426b..b3e37fff 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/AdguardTeam/AdGuardHome go 1.16 require ( - github.com/AdguardTeam/dnsproxy v0.39.0 + github.com/AdguardTeam/dnsproxy v0.39.1 github.com/AdguardTeam/golibs v0.8.4 github.com/AdguardTeam/urlfilter v0.14.6 github.com/NYTimes/gziphandler v1.1.1 diff --git a/go.sum b/go.sum index e7d8d7f0..8a6b90b0 100644 --- a/go.sum +++ b/go.sum @@ -9,8 +9,8 @@ dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= github.com/AdguardTeam/dhcp v0.0.0-20210519141215-51808c73c0bf h1:gc042VRSIRSUzZ+Px6xQCRWNJZTaPkomisDfUZmoFNk= github.com/AdguardTeam/dhcp v0.0.0-20210519141215-51808c73c0bf/go.mod h1:TKl4jN3Voofo4UJIicyNhWGp/nlQqQkFxmwIFTvBkKI= -github.com/AdguardTeam/dnsproxy v0.39.0 h1:5/PN2mpUeCTWtvqXUbSPTMJSOad4lJscPzm+C2f4jB4= -github.com/AdguardTeam/dnsproxy v0.39.0/go.mod h1:aNXKNdTyKfgAG2OS712SYSaGIM9AasZsZxfiY4YiR/0= +github.com/AdguardTeam/dnsproxy v0.39.1 h1:qU5LgMsw6Q4qwVuZ4cpWVQqD+7k1kK2Z2NoNar60yto= +github.com/AdguardTeam/dnsproxy v0.39.1/go.mod h1:aNXKNdTyKfgAG2OS712SYSaGIM9AasZsZxfiY4YiR/0= github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4= github.com/AdguardTeam/golibs v0.4.2/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4= github.com/AdguardTeam/golibs v0.8.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=