diff --git a/AGHTechDoc.md b/AGHTechDoc.md index 45dee068..4e72aee2 100644 --- a/AGHTechDoc.md +++ b/AGHTechDoc.md @@ -1558,6 +1558,7 @@ Strict matching can be enabled by enclosing the value in double quotes: e.g. `"a * blocked_services - blocked services * blocked_safebrowsing - blocked by safebrowsing * blocked_parental - blocked by parental control +* blocked_dns_rebinding - blocked by DNS rebinding protection * whitelisted - whitelisted * rewritten - all kinds of rewrites * safe_search - enforced safe search diff --git a/client/src/__locales/en.json b/client/src/__locales/en.json index 070e7a8f..b7e53987 100644 --- a/client/src/__locales/en.json +++ b/client/src/__locales/en.json @@ -593,5 +593,6 @@ "rebinding_protection_enabled": "Enable protection from DNS rebinding attacks", "rebinding_protection_enabled_desc": "If enabled, AdGuard Home will block responses containing host on the local network.", "rebinding_allowed_hosts_title": "Allowed domains", - "rebinding_allowed_hosts_desc": "A list of domains. If configured, AdGuard Home will allow responses containing host on the local network from these domains. Here you can specify the exact domain names, wildcards and urlfilter-rules, e.g. 'example.org', '*.example.org' or '||example.org^'." + "rebinding_allowed_hosts_desc": "A list of domains. If configured, AdGuard Home will allow responses containing host on the local network from these domains. Here you can specify the exact domain names, wildcards and urlfilter-rules, e.g. 'example.org', '*.example.org' or '||example.org^'.", + "blocked_dns_rebinding": "Blocked DNS rebinding" } diff --git a/client/src/actions/dnsConfig.js b/client/src/actions/dnsConfig.js index f7809de6..a3126725 100644 --- a/client/src/actions/dnsConfig.js +++ b/client/src/actions/dnsConfig.js @@ -39,6 +39,7 @@ export const setDnsConfig = (config) => async (dispatch) => { } if (Object.prototype.hasOwnProperty.call(data, 'rebinding_allowed_hosts')) { data.rebinding_allowed_hosts = splitByNewLine(config.rebinding_allowed_hosts); + hasDnsSettings = true; } await apiClient.setDnsConfig(data); diff --git a/client/src/components/Settings/Dns/Rebinding/Form.js b/client/src/components/Settings/Dns/Rebinding/Form.js index 69b59abf..cadafc4c 100644 --- a/client/src/components/Settings/Dns/Rebinding/Form.js +++ b/client/src/components/Settings/Dns/Rebinding/Form.js @@ -2,7 +2,7 @@ import React from 'react'; import PropTypes from 'prop-types'; import { Field, reduxForm } from 'redux-form'; import { Trans, useTranslation } from 'react-i18next'; -import { shallowEqual, useSelector } from 'react-redux'; +import { useSelector } from 'react-redux'; import { renderTextareaField, CheckboxField } from '../../../../helpers/form'; import { removeEmptyLines } from '../../../../helpers/helpers'; import { FORM_NAME } from '../../../../helpers/constants'; @@ -20,7 +20,7 @@ const Form = ({ handleSubmit, submitting, invalid, }) => { const { t } = useTranslation(); - const { processingSetConfig } = useSelector((state) => state.dnsConfig, shallowEqual); + const processingSetConfig = useSelector((state) => state.dnsConfig.processingSetConfig); const renderField = ({ id, title, subtitle, disabled = processingSetConfig, normalizeOnBlur, diff --git a/client/src/helpers/constants.js b/client/src/helpers/constants.js index f8d567ce..17192843 100644 --- a/client/src/helpers/constants.js +++ b/client/src/helpers/constants.js @@ -341,6 +341,7 @@ export const FILTERED_STATUS = { REWRITE_HOSTS: 'RewriteEtcHosts', FILTERED_SAFE_SEARCH: 'FilteredSafeSearch', FILTERED_SAFE_BROWSING: 'FilteredSafeBrowsing', + FILTERED_REBIND: 'FilteredRebind', FILTERED_PARENTAL: 'FilteredParental', }; @@ -373,6 +374,10 @@ export const RESPONSE_FILTER = { QUERY: 'blocked_parental', LABEL: 'blocked_adult_websites', }, + BLOCKED_DNS_REBINDING: { + QUERY: 'blocked_dns_rebinding', + LABEL: 'blocked_dns_rebinding', + }, ALLOWED: { QUERY: 'whitelisted', LABEL: 'allowed', @@ -414,6 +419,10 @@ export const FILTERED_STATUS_TO_META_MAP = { LABEL: 'blocked_service', COLOR: QUERY_STATUS_COLORS.RED, }, + [FILTERED_STATUS.FILTERED_REBIND]: { + LABEL: RESPONSE_FILTER.BLOCKED_DNS_REBINDING.LABEL, + COLOR: QUERY_STATUS_COLORS.RED, + }, [FILTERED_STATUS.FILTERED_SAFE_SEARCH]: { LABEL: RESPONSE_FILTER.SAFE_SEARCH.LABEL, COLOR: QUERY_STATUS_COLORS.YELLOW, diff --git a/client/src/reducers/dnsConfig.js b/client/src/reducers/dnsConfig.js index b05d9991..e2d0fc4d 100644 --- a/client/src/reducers/dnsConfig.js +++ b/client/src/reducers/dnsConfig.js @@ -25,9 +25,9 @@ const dnsConfig = handleActions( ...values, blocking_ipv4: blocking_ipv4 || DEFAULT_BLOCKING_IPV4, blocking_ipv6: blocking_ipv6 || DEFAULT_BLOCKING_IPV6, - upstream_dns: (upstream_dns && upstream_dns.join('\n')) || '', - bootstrap_dns: (bootstrap_dns && bootstrap_dns.join('\n')) || '', - rebinding_allowed_hosts: (rebinding_allowed_hosts && rebinding_allowed_hosts.join('\n')) || '', + upstream_dns: upstream_dns?.join('\n') || '', + bootstrap_dns: bootstrap_dns?.join('\n') || '', + rebinding_allowed_hosts: rebinding_allowed_hosts?.join('\n') || '', processingGetConfig: false, }; }, diff --git a/internal/querylog/searchcriteria.go b/internal/querylog/searchcriteria.go index bb573ea6..90ccaab6 100644 --- a/internal/querylog/searchcriteria.go +++ b/internal/querylog/searchcriteria.go @@ -17,14 +17,15 @@ const ( filteringStatusAll = "all" filteringStatusFiltered = "filtered" // all kinds of filtering - filteringStatusBlocked = "blocked" // blocked or blocked services - filteringStatusBlockedService = "blocked_services" // blocked - filteringStatusBlockedSafebrowsing = "blocked_safebrowsing" // blocked by safebrowsing - filteringStatusBlockedParental = "blocked_parental" // blocked by parental control - filteringStatusWhitelisted = "whitelisted" // whitelisted - filteringStatusRewritten = "rewritten" // all kinds of rewrites - filteringStatusSafeSearch = "safe_search" // enforced safe search - filteringStatusProcessed = "processed" // not blocked, not white-listed entries + filteringStatusBlocked = "blocked" // blocked or blocked services + filteringStatusBlockedService = "blocked_services" // blocked + filteringStatusBlockedSafebrowsing = "blocked_safebrowsing" // blocked by safebrowsing + filteringStatusBlockedParental = "blocked_parental" // blocked by parental control + filteringStatusBlockedRebind = "blocked_dns_rebinding" // blocked by DNS rebinding protection + filteringStatusWhitelisted = "whitelisted" // whitelisted + filteringStatusRewritten = "rewritten" // all kinds of rewrites + filteringStatusSafeSearch = "safe_search" // enforced safe search + filteringStatusProcessed = "processed" // not blocked, not white-listed entries ) // filteringStatusValues -- array with all possible filteringStatus values @@ -32,7 +33,7 @@ var filteringStatusValues = []string{ filteringStatusAll, filteringStatusFiltered, filteringStatusBlocked, filteringStatusBlockedService, filteringStatusBlockedSafebrowsing, filteringStatusBlockedParental, filteringStatusWhitelisted, filteringStatusRewritten, filteringStatusSafeSearch, - filteringStatusProcessed, + filteringStatusProcessed, filteringStatusBlockedRebind, } // searchCriteria - every search request may contain a list of different search criteria diff --git a/openapi/openapi.yaml b/openapi/openapi.yaml index d2329c31..fc840eb2 100644 --- a/openapi/openapi.yaml +++ b/openapi/openapi.yaml @@ -190,6 +190,7 @@ - 'blocked' - 'blocked_safebrowsing' - 'blocked_parental' + - 'blocked_dns_rebinding' - 'whitelisted' - 'rewritten' - 'safe_search'