Access settings for client identifier #2624
Comments
Good afternoon.
@Izya12 please upvote the original issue if you want it to be implemented.
This is a great feature to keep my ADH server private.
Even if I attempt to set the global setting to have an invalid upstream, only allowing the defined clients by identifier to access a proper upstream, this breaks for all the defined clients as well. Same if I define clients by identifier and let them use a proper upstream but define 0.0.0.0/0 as clients with an invalid upstream. This needs to be implemented to prevent strangers from utilizing the resolver.
@windware-ono, if you want to create an allowlist of clients then you can already do that with the DNS Settings → Access settings → Allowed clients setting. Although it currently only works for IP addresses and subnets, not ClientIDs.
Yes, I'm aware of it, but currently I'm running AH on a public network and my devices do not belong to specific IPs all the time, and anyone who finds it's running a resolver can utilize it. But if I can limit who can use it via client identifier as a sort of password, that would be very useful.
Updates AdguardTeam/AdGuardHome#2624.
Updates AdguardTeam/AdGuardHome#3162.

Squashed commit of the following:

commit 62e9cf4
Author: Ainar Garipov <[email protected]>
Date: Wed Jun 23 15:15:36 2021 +0300

    all: fix go1.15 compat

commit 096b0d8
Author: Ainar Garipov <[email protected]>
Date: Wed Jun 23 15:10:53 2021 +0300

    all: add requestid, refactor
Customizing the upstream through the client ID cannot take effect, and it will still be resolved through the upstream DNS set globally, as shown in the figure: My adguardhome is installed on a VPS, and I cannot set up a dedicated upstream DNS for a certain device through the client ID. adguardhome version: v0.106.3
@carrot-eggs, hi, this issue is about access settings. Please post your report as a separate issue. Thanks.
Updates #2624.
Updates #3162.

Squashed commit of the following:

commit 68860da
Author: Ainar Garipov <[email protected]>
Date: Tue Jun 29 15:41:33 2021 +0300

    all: imp types, names

commit ebd4ec2
Merge: 239eb72 16e5e09
Author: Ainar Garipov <[email protected]>
Date: Tue Jun 29 15:14:33 2021 +0300

    Merge branch 'master' into 2624-clientid-access

commit 239eb72
Author: Ainar Garipov <[email protected]>
Date: Tue Jun 29 15:13:10 2021 +0300

    all: fix client blocking check

commit e6bece3
Merge: 9935f2a 9d1656b
Author: Ainar Garipov <[email protected]>
Date: Tue Jun 29 13:12:28 2021 +0300

    Merge branch 'master' into 2624-clientid-access

commit 9935f2a
Author: Ildar Kamalov <[email protected]>
Date: Tue Jun 29 11:26:51 2021 +0300

    client: show block button for client id

commit ed786a6
Author: Ainar Garipov <[email protected]>
Date: Fri Jun 25 15:56:23 2021 +0300

    client: imp i18n

commit 4fed21c
Author: Ainar Garipov <[email protected]>
Date: Fri Jun 25 15:34:09 2021 +0300

    all: imp i18n, docs

commit 55e65c0
Author: Ainar Garipov <[email protected]>
Date: Fri Jun 25 13:34:01 2021 +0300

    all: fix cache, imp code, docs, tests

commit c1e5a83
Author: Ainar Garipov <[email protected]>
Date: Thu Jun 24 19:27:12 2021 +0300

    all: allow clientid in access settings
@ainar-g, I have refreshed the service to the latest snapshot 232cd38 and tested the "Allowed clients" and "Disallowed clients" with multiple client IDs, and it works excellently! Also, I have tried to allow a device's IP but disallow its client ID. This results in allowing the device, which surprisingly matches the description. Thanks a lot. I'll close the issue.
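The allow/deny precedence tested in the comment above, as an added Go example that models the behaviour and is not AdGuard Home's own code. It assumes that a non-empty "Allowed clients" list switches the resolver to allowlist mode in which "Disallowed clients" is not consulted, and that any entry that is neither an IP nor a CIDR is a ClientID; `accessList`, `isBlocked`, `mustIP`, the ClientID `my-phone` and the addresses are hypothetical.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// accessList models one "Allowed clients" / "Disallowed clients" list.
type accessList struct {
	nets      []netip.Prefix  // single IPs are stored as /32 or /128
	clientIDs map[string]bool // lower-cased ClientIDs
}

var mustIP = netip.MustParseAddr // shorthand for the constructed sample addresses

func newAccessList(entries ...string) accessList {
	l := accessList{clientIDs: map[string]bool{}}
	for _, e := range entries {
		if ip, err := netip.ParseAddr(e); err == nil {
			l.nets = append(l.nets, netip.PrefixFrom(ip, ip.BitLen()))
		} else if p, err := netip.ParsePrefix(e); err == nil {
			l.nets = append(l.nets, p.Masked())
		} else {
			l.clientIDs[strings.ToLower(e)] = true // assumed: anything else is a ClientID
		}
	}
	return l
}

func (l accessList) match(ip netip.Addr, clientID string) bool {
	for _, p := range l.nets {
		if p.Contains(ip) {
			return true
		}
	}
	return clientID != "" && l.clientIDs[strings.ToLower(clientID)]
}

// isBlocked: assumed precedence, a non-empty allowlist disables the disallowed list.
func isBlocked(allowed, disallowed accessList, ip netip.Addr, clientID string) bool {
	if len(allowed.nets)+len(allowed.clientIDs) > 0 {
		return !allowed.match(ip, clientID)
	}
	return disallowed.match(ip, clientID)
}

func main() {
	roaming := mustIP("198.51.100.9") // constructed: a device on a changing public address
	allowed, none := newAccessList("my-phone"), newAccessList()
	fmt.Println(isBlocked(allowed, none, roaming, "my-phone"), isBlocked(allowed, none, roaming, ""))
}
```

In this model a request that carries no ClientID can only match by address, so an allowlist made up solely of ClientIDs refuses every other client regardless of its IP.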
Hello
I'm trying the client ID in DoH with my phone and it works like a charm.
However, I couldn't utilize this feature to block unknown devices from the network because the DNS settings > Access settings > Allowed clients setting only takes CIDR or IP addresses. Since we could identify devices from DoH now, is it possible to allow or block a client by its identifier?