querylog: Add DNS rebinding protection

AGHTechDoc.md

@@ -1558,6 +1558,7 @@ Strict matching can be enabled by enclosing the value in double quotes: e.g. `"a
 * blocked_services     - blocked services
 * blocked_safebrowsing - blocked by safebrowsing
 * blocked_parental     - blocked by parental control
+* blocked_dns_rebinding - blocked by DNS rebinding protection
 * whitelisted          - whitelisted
 * rewritten            - all kinds of rewrites
 * safe_search          - enforced safe search

client/src/__locales/en.json

@@ -593,5 +593,6 @@
     "rebinding_protection_enabled": "Enable protection from DNS rebinding attacks",
     "rebinding_protection_enabled_desc": "If enabled, AdGuard Home will block responses containing host on the local network.",
     "rebinding_allowed_hosts_title": "Allowed domains",
-    "rebinding_allowed_hosts_desc": "A list of domains. If configured, AdGuard Home will allow responses containing host on the local network from these domains. Here you can specify the exact domain names, wildcards and urlfilter-rules, e.g. 'example.org', '*.example.org' or '||example.org^'."
+    "rebinding_allowed_hosts_desc": "A list of domains. If configured, AdGuard Home will allow responses containing host on the local network from these domains. Here you can specify the exact domain names, wildcards and urlfilter-rules, e.g. 'example.org', '*.example.org' or '||example.org^'.",
+    "blocked_dns_rebinding": "Blocked DNS rebinding"
 }

client/src/actions/dnsConfig.js

@@ -39,6 +39,7 @@ export const setDnsConfig = (config) => async (dispatch) => {
         }
         if (Object.prototype.hasOwnProperty.call(data, 'rebinding_allowed_hosts')) {
             data.rebinding_allowed_hosts = splitByNewLine(config.rebinding_allowed_hosts);
+            hasDnsSettings = true;
         }
 
         await apiClient.setDnsConfig(data);

client/src/components/Settings/Dns/Rebinding/Form.js

@@ -2,7 +2,7 @@ import React from 'react';
 import PropTypes from 'prop-types';
 import { Field, reduxForm } from 'redux-form';
 import { Trans, useTranslation } from 'react-i18next';
-import { shallowEqual, useSelector } from 'react-redux';
+import { useSelector } from 'react-redux';
 import { renderTextareaField, CheckboxField } from '../../../../helpers/form';
 import { removeEmptyLines } from '../../../../helpers/helpers';
 import { FORM_NAME } from '../../../../helpers/constants';
@@ -20,7 +20,7 @@ const Form = ({
     handleSubmit, submitting, invalid,
 }) => {
     const { t } = useTranslation();
-    const { processingSetConfig } = useSelector((state) => state.dnsConfig, shallowEqual);
+    const processingSetConfig = useSelector((state) => state.dnsConfig.processingSetConfig);
 
     const renderField = ({
         id, title, subtitle, disabled = processingSetConfig, normalizeOnBlur,

client/src/helpers/constants.js

@@ -341,6 +341,7 @@ export const FILTERED_STATUS = {
     REWRITE_HOSTS: 'RewriteEtcHosts',
     FILTERED_SAFE_SEARCH: 'FilteredSafeSearch',
     FILTERED_SAFE_BROWSING: 'FilteredSafeBrowsing',
+    FILTERED_REBIND: 'FilteredRebind',
     FILTERED_PARENTAL: 'FilteredParental',
 };
 
@@ -373,6 +374,10 @@ export const RESPONSE_FILTER = {
         QUERY: 'blocked_parental',
         LABEL: 'blocked_adult_websites',
     },
+    BLOCKED_DNS_REBINDING: {
+        QUERY: 'blocked_dns_rebinding',
+        LABEL: 'blocked_dns_rebinding',
+    },
     ALLOWED: {
         QUERY: 'whitelisted',
         LABEL: 'allowed',
@@ -414,6 +419,10 @@ export const FILTERED_STATUS_TO_META_MAP = {
         LABEL: 'blocked_service',
         COLOR: QUERY_STATUS_COLORS.RED,
     },
+    [FILTERED_STATUS.FILTERED_REBIND]: {
+        LABEL: RESPONSE_FILTER.BLOCKED_DNS_REBINDING.LABEL,
+        COLOR: QUERY_STATUS_COLORS.RED,
+    },
     [FILTERED_STATUS.FILTERED_SAFE_SEARCH]: {
         LABEL: RESPONSE_FILTER.SAFE_SEARCH.LABEL,
         COLOR: QUERY_STATUS_COLORS.YELLOW,

client/src/reducers/dnsConfig.js

@@ -25,9 +25,9 @@ const dnsConfig = handleActions(
                 ...values,
                 blocking_ipv4: blocking_ipv4 || DEFAULT_BLOCKING_IPV4,
                 blocking_ipv6: blocking_ipv6 || DEFAULT_BLOCKING_IPV6,
-                upstream_dns: (upstream_dns && upstream_dns.join('\n')) || '',
+                upstream_dns: upstream_dns?.join('\n') || '',
-                bootstrap_dns: (bootstrap_dns && bootstrap_dns.join('\n')) || '',
+                bootstrap_dns: bootstrap_dns?.join('\n') || '',
-                rebinding_allowed_hosts: (rebinding_allowed_hosts && rebinding_allowed_hosts.join('\n')) || '',
+                rebinding_allowed_hosts: rebinding_allowed_hosts?.join('\n') || '',
                 processingGetConfig: false,
             };
         },

internal/querylog/searchcriteria.go

@@ -17,14 +17,15 @@ const (
 	filteringStatusAll      = "all"
 	filteringStatusFiltered = "filtered" // all kinds of filtering
 
-	filteringStatusBlocked             = "blocked"              // blocked or blocked services
+	filteringStatusBlocked             = "blocked"               // blocked or blocked services
-	filteringStatusBlockedService      = "blocked_services"     // blocked
+	filteringStatusBlockedService      = "blocked_services"      // blocked
-	filteringStatusBlockedSafebrowsing = "blocked_safebrowsing" // blocked by safebrowsing
+	filteringStatusBlockedSafebrowsing = "blocked_safebrowsing"  // blocked by safebrowsing
-	filteringStatusBlockedParental     = "blocked_parental"     // blocked by parental control
+	filteringStatusBlockedParental     = "blocked_parental"      // blocked by parental control
-	filteringStatusWhitelisted         = "whitelisted"          // whitelisted
+	filteringStatusBlockedRebind       = "blocked_dns_rebinding" // blocked by DNS rebinding protection
-	filteringStatusRewritten           = "rewritten"            // all kinds of rewrites
+	filteringStatusWhitelisted         = "whitelisted"           // whitelisted
-	filteringStatusSafeSearch          = "safe_search"          // enforced safe search
+	filteringStatusRewritten           = "rewritten"             // all kinds of rewrites
-	filteringStatusProcessed           = "processed"            // not blocked, not white-listed entries
+	filteringStatusSafeSearch          = "safe_search"           // enforced safe search
+	filteringStatusProcessed           = "processed"             // not blocked, not white-listed entries
 )
 
 // filteringStatusValues -- array with all possible filteringStatus values
@@ -32,7 +33,7 @@ var filteringStatusValues = []string{
 	filteringStatusAll, filteringStatusFiltered, filteringStatusBlocked,
 	filteringStatusBlockedService, filteringStatusBlockedSafebrowsing, filteringStatusBlockedParental,
 	filteringStatusWhitelisted, filteringStatusRewritten, filteringStatusSafeSearch,
-	filteringStatusProcessed,
+	filteringStatusProcessed, filteringStatusBlockedRebind,
 }
 
 // searchCriteria - every search request may contain a list of different search criteria

openapi/openapi.yaml

@@ -190,6 +190,7 @@
           - 'blocked'
           - 'blocked_safebrowsing'
           - 'blocked_parental'
+          - 'blocked_dns_rebinding'
           - 'whitelisted'
           - 'rewritten'
           - 'safe_search'