AdguardTeam / AdGuardHome

Network-wide ads & trackers blocking DNS server
https://adguard.com/adguard-home/overview.html
GNU General Public License v3.0
25.61k stars 1.84k forks source link

Temporarily disable with API (and via UI) #1333

Closed shapiro125 closed 1 year ago

shapiro125 commented 4 years ago

In order to make this work, we need to change how the "Disable protection" button looks like.

Use the same approach as for the "Block" button in the Query Log: image

There's a fixed list of options that can be used:

When the protection is paused temporarily, "Enable protection" button becomes a countdown: image

Original feature request text (replaced by @ameshkov) Hello -- I'm trying to figure out if there's a way to disable AdGuard Home temporarily within the API. For example, Pi-hole allows disabling for some number of seconds through theirs (http://pi.hole/admin/api.php?disable=300). Unless I'm missing something, I've only figured out how to switch on vs off or make a script that switches it off, sleeps for a certain number of seconds, and then switches it back on. Thanks!
ameshkov commented 4 years ago

Yeah, there's no such API method at the moment, start-sleep-stop is the only way.

shapiro125 commented 4 years ago

Thanks!

szolin commented 4 years ago

Can we close this issue? I doubt that we really need a new API method to temporarily disable the filtering.

ameshkov commented 4 years ago

It depends on the users. If there will be upvotes, we'll consider it.

Generally, I'd better keep all feature requests open until we are 100% sure that we won't do it.

Klizzy commented 4 years ago

i would like to see this feature too!

lolgast1987 commented 4 years ago

I'd like this feature too

SwissOS commented 4 years ago

I would really like this feature too. The scenario is like this: I can easily turn on/off AdGuard Home from the web interface, but my wife/kids are not so technical. I could then just make a shortcut on their iphone to turn off the filtering for a short time (say 5 minutes) to test if AdGuard is blocking the website they want to visit. What do you think?

ameshkov commented 4 years ago

Guys, please add upvotes then (upvote reaction on the issue)

Aikatsui commented 4 years ago

Alternative UI solution https://github.com/AdguardTeam/AdGuardHome/issues/997 https://github.com/AdguardTeam/AdGuardHome/issues/1203 https://github.com/AdguardTeam/AdGuardHome/issues/1450

but my wife/kids are not so technical.

@danielp123 I understand but you may able to create account for them and add a timed allow list with single rule to unblock all domains for 5min. In this cause; i'm not prefer to see AGH become too simple tool.

WildByDesign commented 4 years ago

@ameshkov Along with this feature request to temporarily disable filtering via API, and a good reason for making this feature, would be to integrate this "Temporarily disable AdGuard Home DNS filtering protection" API feature into AdGuard for Windows, AdGuard browser extensions, etc.

I am a long time user of AdGuard for Windows. Quite often, I have to temporarily disable the AGH DNS filtering because it causes problems on kids iPad games and certain things that other users may need to do from time to time.

This may be a tricky request though, in that regard.

shapiro125 commented 4 years ago

@ameshkov – I know this issue has gone to a bunch of different places, but I've been using:

curl -X POST "http://[URL]/control/dns_config" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"protection_enabled\": false}"

to enable and disable filtering. Unfortunately, I've noticed that even though filtering is now disabled, the domain is cached as blocked so you have to wait for the cache to clear before the domain will work again. Is this a separate issue that I should file or is there a different API call to turn AdGuard Home off?

Thanks for everything, it's a great piece of software.

szolin commented 4 years ago

domain is cached as blocked

@shapiro125 Do you mean browser's cache? Please try requesting the host name via nslookup or dig - what are the results?

shapiro125 commented 4 years ago

@szolin – dig is showing it correctly each time, it appears to be a browser cache issue. If the request is blocked, my browser will continue to block it even after disable adguard. Once it's disabled, the browser will still resolve the domain even after adguard is re-enabled.

I know it's working as expected (according to the dig results), so don't know what to do about it. I'm coming from Pi-hole, where their disable seemed to work instantly in browser without cache problems. Thanks!

szolin commented 4 years ago

. I'm coming from Pi-hole, where their disable seemed to work instantly in browser without cache problems

Maybe they just set small TTL values. You may set cache_ttl_max: 10 in AGH yaml config, and your browser will "forget" it after 10 seconds.

ameshkov commented 4 years ago

@szolin you mean blocked_response_ttl?

szolin commented 4 years ago

or blocked_response_ttl, yes Note: cache_ttl_max is available only in beta

shapiro125 commented 4 years ago

Oh, interesting. I noticed blocked_response_ttl is set for 10 seconds and, yup, disabling and waiting 10 seconds works.

What are the performance implications for making that shorter?

ameshkov commented 4 years ago

What are the performance implications for making that shorter?

Your devices will make DNS queries for blocked resources more often. Tbh, there are no really serious performance implications, especially if we're talking about AGH that's hosted in the local network and not on some public server.

hoshsadiq commented 4 years ago

I'd love this too. Just noticed that Adguard was disabled for the past day or so because I had forgotten to re-enable it. It would be great to have an option in the UI as well.

Aikatsui commented 4 years ago

@hoshsadiq #1879

lolgast1987 commented 4 years ago

How is that AdGuard related? You're having issues with HA, not AdGuard. Try this to see whether your API is working. curl -X POST -H "Content-Type:application/json" -d '{"protection_enabled":false}' http://[IP_ADGUARD]/control/dns_config

It should disable AdGuard

ameshkov commented 4 years ago

HTTP auth header may be necessary as well, plz see the openapi folder in AGH sources

schumi2004 commented 3 years ago

Would love to see such feature also. Preferable on a per cliënt basis but a temp disable option in general would be great to start with.

dachewster99 commented 3 years ago

This was a GREAT feature in Pi-Hole, dissapointed to not see a similar feature in AdGuard Home

hoshsadiq commented 3 years ago

So I recently found out I had this disabled again and had forgotten to re-enable it. I wrote a small script to disable and re-enable AGH. It's not ideal, as this won't run if you put your computer to sleep and/or shut it down or something.

#!/usr/bin/env bash

username="<set>"
password="<set>"
url="<set>"

urlRegex='^(([^:/?#]+):)?(//((([^:/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))(\?([^#]*))?(#(.*))?'

if [[ "$url" =~ $urlRegex ]]; then
  targetUri="$(printf "%s://%s%s/%s" "${BASH_REMATCH[2]}" "${BASH_REMATCH[4]}" "${BASH_REMATCH[5]}" "control/dns_config")"
  curl -X POST -u "$username:$password" -H "Content-Type:application/json" -d '{"protection_enabled":false}' "$targetUri"
  ( sleep 300; curl -X POST -u "$username:$password" -H "Content-Type:application/json" -d '{"protection_enabled":true}' "$targetUri" ) &
  disown
else
  >&2 printf "unable to get AdGuard Home URL. Got %s" "$url"
fi

In my case I get the details from my password manager, but you can simply set in the script or make the change to retrieve the data from your password manager too. I suggest you edit it to your needs.

Would love it if this can be prioritised higher as leaving it accidentally disabled is a pretty big privacy risk.

ainar-g commented 3 years ago

This will be a part of the new API and UI.

muhlba91 commented 3 years ago

is there any information on when this change will happen? really looking forward to getting this feature.

hoshsadiq commented 2 years ago

I got hit by this again several times. To avoid this in the future, I updated my script above to ensure it never stays disabled for more than 1 hour. If anyone wants to to use it, it's below. Install jq first, then save the file somewhere, chmod +x it, and run as a cronjob for e.g. every 5 mins. This will check every if the last time it was enabled was over 1 hour ago, and if so, it will re-enable it.

#!/usr/bin/env bash

set -eu

username="<set>"
password="<set>"
url="<set>"

urlRegex='^(([^:/?#]+):)?(//((([^:/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))(\?([^#]*))?(#(.*))?'

SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
lastCheckFile="$SCRIPT_DIR/agh_disabled_last_check.txt"

if [[ "$url" =~ $urlRegex ]]; then
  printf -v url "%s://%s%s" "${BASH_REMATCH[2]}" "${BASH_REMATCH[4]}" "${BASH_REMATCH[5]}"
else
  >&2 printf "unable to get AdGuard Home URL. Got %s" "$url"
  exit 1
fi

if [[ -s "$lastCheckFile" ]] && (( $(cat "$lastCheckFile") < "$(date -d "1 hour ago" +%s)" )); then
  curl -X POST -u "$username:$password" -H "Content-Type:application/json" -d '{"protection_enabled":true}' "$url/control/dns_config"
fi

if curl -fsSL -u "$username:$password" -H "Accept: application/json" "$url/control/status" | jq -r '.protection_enabled' | grep -qFx true; then
  date +%s > "$lastCheckFile"
fi
amathews84 commented 2 years ago

Hello I'd also like to see this feature please.

foorschtbar commented 2 years ago

This will be a part of the new API and UI.

Is there a ETA for the "new API and UI"? For me, the temporary disabling is an important feature. Sometimes I need to disable the filter and then of course I forget to enable it again - who doesn't remember the situation?

ainar-g commented 2 years ago

No precise timeframes, unfortunately.

separac commented 1 year ago

I would really love that feature as well. Adguard runs perfectly but there are certain pages/ ads that me or my wife want to follow on purpose that might get blocked.

eirikc commented 1 year ago

Just switched from pihole to Adguard, and I'm sad to see this feature missing. Absolutely nessecary feature in my household.

foorschtbar commented 1 year ago

do you know the comparison list in the README of this repo? I am thinking about submitting a PR with another line. What do you folks think of it?

Feature AdGuard Home Pi-Hole
Blocking ads and trackers
Customizing blocklists
Built-in DHCP server
HTTPS for the Admin interface Kind of, but you'll need to manually configure lighttpd
Encrypted DNS upstream servers (DNS-over-HTTPS, DNS-over-TLS, DNSCrypt) ❌ (requires additional software)
Cross-platform ❌ (not natively, only via Docker)
Running as a DNS-over-HTTPS or DNS-over-TLS server ❌ (requires additional software)
Blocking phishing and malware domains ❌ (requires non-default blocklists)
Parental control (blocking adult domains)
Force Safe search on search engines
Per-client (device) configuration
Access settings (choose who can use AGH DNS)
Running [without root privileges][wiki-noroot]
Temporarily disable ad-blocker for a certain period of time
ameshkov commented 1 year ago

Lol :)

Updated the original feature request with the description of how it will be implemented: https://github.com/AdguardTeam/AdGuardHome/issues/1333#issue-545456024

ainar-g commented 1 year ago

The feature is implemented in the most recent Edge builds, and it's going to be included in the next Beta release. Please fill new issues if you find any bugs with it.

svenjacobs commented 1 year ago

First of all thank you very much for this feature! It's really useful and I use it quite often 👍🏼

I think I found a minor cosmetic bug: When a pause timer is active while the browser or browser tab is inactive (in the background, not visible, etc.), the value of the countdown is not properly updated when returning to the page (Chrome 112.0.5615.121). So what could happen is that the countdown is still running although from server side it's already completed and protection enabled again.

Without knowing anything of how this is implemented technically, I assume that the countdown is only updated in frontend (JavaScript) code? If so, when a browser (tab) is paused, so are setTimeout invocations which could lead to errors with the countdown calculation.

ainar-g commented 1 year ago

We'll look into it, thanks for reporting.

meltinsands commented 1 year ago

Is there a timeline when the API is implemented in the stable version? A missed feature since switching from pihole.