querylog: Add DNS rebinding protection

2020-12-08 18:11:01 +03:00
parent f924523f6a
commit a9efc39306
8 changed files with 29 additions and 15 deletions
--- a/client/src/__locales/en.json
+++ b/client/src/__locales/en.json
@@ -593,5 +593,6 @@
    "rebinding_protection_enabled": "Enable protection from DNS rebinding attacks",
    "rebinding_protection_enabled_desc": "If enabled, AdGuard Home will block responses containing host on the local network.",
    "rebinding_allowed_hosts_title": "Allowed domains",
-    "rebinding_allowed_hosts_desc": "A list of domains. If configured, AdGuard Home will allow responses containing host on the local network from these domains. Here you can specify the exact domain names, wildcards and urlfilter-rules, e.g. 'example.org', '*.example.org' or '||example.org^'."
+    "rebinding_allowed_hosts_desc": "A list of domains. If configured, AdGuard Home will allow responses containing host on the local network from these domains. Here you can specify the exact domain names, wildcards and urlfilter-rules, e.g. 'example.org', '*.example.org' or '||example.org^'.",
+    "blocked_dns_rebinding": "Blocked DNS rebinding"
 }
--- a/client/src/actions/dnsConfig.js
+++ b/client/src/actions/dnsConfig.js
@@ -39,6 +39,7 @@ export const setDnsConfig = (config) => async (dispatch) => {
        }
        if (Object.prototype.hasOwnProperty.call(data, 'rebinding_allowed_hosts')) {
            data.rebinding_allowed_hosts = splitByNewLine(config.rebinding_allowed_hosts);
+            hasDnsSettings = true;
        }

        await apiClient.setDnsConfig(data);
--- a/client/src/components/Settings/Dns/Rebinding/Form.js
+++ b/client/src/components/Settings/Dns/Rebinding/Form.js
@@ -2,7 +2,7 @@ import React from 'react';
 import PropTypes from 'prop-types';
 import { Field, reduxForm } from 'redux-form';
 import { Trans, useTranslation } from 'react-i18next';
-import { shallowEqual, useSelector } from 'react-redux';
+import { useSelector } from 'react-redux';
 import { renderTextareaField, CheckboxField } from '../../../../helpers/form';
 import { removeEmptyLines } from '../../../../helpers/helpers';
 import { FORM_NAME } from '../../../../helpers/constants';
@@ -20,7 +20,7 @@ const Form = ({
    handleSubmit, submitting, invalid,
 }) => {
    const { t } = useTranslation();
-    const { processingSetConfig } = useSelector((state) => state.dnsConfig, shallowEqual);
+    const processingSetConfig = useSelector((state) => state.dnsConfig.processingSetConfig);

    const renderField = ({
        id, title, subtitle, disabled = processingSetConfig, normalizeOnBlur,
--- a/client/src/helpers/constants.js
+++ b/client/src/helpers/constants.js
@@ -341,6 +341,7 @@ export const FILTERED_STATUS = {
    REWRITE_HOSTS: 'RewriteEtcHosts',
    FILTERED_SAFE_SEARCH: 'FilteredSafeSearch',
    FILTERED_SAFE_BROWSING: 'FilteredSafeBrowsing',
+    FILTERED_REBIND: 'FilteredRebind',
    FILTERED_PARENTAL: 'FilteredParental',
 };

@@ -373,6 +374,10 @@ export const RESPONSE_FILTER = {
        QUERY: 'blocked_parental',
        LABEL: 'blocked_adult_websites',
    },
+    BLOCKED_DNS_REBINDING: {
+        QUERY: 'blocked_dns_rebinding',
+        LABEL: 'blocked_dns_rebinding',
+    },
    ALLOWED: {
        QUERY: 'whitelisted',
        LABEL: 'allowed',
@@ -414,6 +419,10 @@ export const FILTERED_STATUS_TO_META_MAP = {
        LABEL: 'blocked_service',
        COLOR: QUERY_STATUS_COLORS.RED,
    },
+    [FILTERED_STATUS.FILTERED_REBIND]: {
+        LABEL: RESPONSE_FILTER.BLOCKED_DNS_REBINDING.LABEL,
+        COLOR: QUERY_STATUS_COLORS.RED,
+    },
    [FILTERED_STATUS.FILTERED_SAFE_SEARCH]: {
        LABEL: RESPONSE_FILTER.SAFE_SEARCH.LABEL,
        COLOR: QUERY_STATUS_COLORS.YELLOW,
--- a/client/src/reducers/dnsConfig.js
+++ b/client/src/reducers/dnsConfig.js
@@ -25,9 +25,9 @@ const dnsConfig = handleActions(
                ...values,
                blocking_ipv4: blocking_ipv4 || DEFAULT_BLOCKING_IPV4,
                blocking_ipv6: blocking_ipv6 || DEFAULT_BLOCKING_IPV6,
-                upstream_dns: (upstream_dns && upstream_dns.join('\n')) || '',
-                bootstrap_dns: (bootstrap_dns && bootstrap_dns.join('\n')) || '',
-                rebinding_allowed_hosts: (rebinding_allowed_hosts && rebinding_allowed_hosts.join('\n')) || '',
+                upstream_dns: upstream_dns?.join('\n') || '',
+                bootstrap_dns: bootstrap_dns?.join('\n') || '',
+                rebinding_allowed_hosts: rebinding_allowed_hosts?.join('\n') || '',
                processingGetConfig: false,
            };
        },