Open kikaragyozov opened 2 weeks ago
If multiple people have access to the Web UI
Is this not the area in which you should be focusing?
What's the issue there? Isn't the idea of having a web interface precisely so that multiple people can interact with it? Blocky for example has NO web interface and I'd expect only the administrator to interact with it by directly SSH-ing into the device and modifying a configuration file, OR if you set up Prometheus/Grafana, the people seeing the logs would contact the Administrator for any unnecessarily blocked internet traffic.
Currently, imagine a setup where a large corporation blocks DNS queries aggressively. If you encounter an issue with a site not loading, what would be the first step? To check in the logs of AdGuard Home if it's being blocked. I don't see any issues in allowing people to do just that.
Isn't the idea of having a web interface precisely so that multiple people can interact with it?
No.
If that were the case there would be separate user accounts. The web interface is so the administrator can access it. If you don't want people poking at your shit, don't give them access.
I'll also note that with AGH's default blocking mode, any host formatted list presents the same level of "danger", allowing for domain A to be redirected to IP address B.
This is quite frankly not an issue, as that would only work on sites that don't redirect HTTP to HTTPS, or which don't offer HTTPS connectivity at all.
What about exposing a functionality to just allow reading the query logs?
I'm aware you can use additional technologies to make this work, but AGH prides itself on how it doesn't require external programs/tools to do its job.
Pi-hole used to do something similar to what you're proposing, but the consensus reached there I think ended up being that that convenience wasn't worth the potential for profiling.
Prerequisites
[X] I have checked the Wiki and Discussions and found no answer
[X] I have searched other issues and found no duplicates
[X] I want to request a feature or enhancement and not ask a question
The problem
If multiple people have access to the Web UI, it's a potential security issue if any one of them could access the section for DNS Rewrites. It's a powerful feature, and for typical home user scenarios, it's mostly not used, yet could easily be utilized by a malicious actor without the other party even understanding this to be the case.
Proposed solution
Lock this down behind a flag in the .yaml file, so that people with access to the Web UI could never control whether this feature is enabled or disabled. If it's enabled - the attack vector stays, but it's their problem. A full solution would involve creating entire user roles, but that's too convoluted and again in a typical home scenario, there's just 1 person managing the Web UI - the one who installed it in the first place.
Alternatives considered and additional information
No response
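
The thread notes that a hosts-formatted list can map a domain to an arbitrary IP address just as a DNS rewrite can. The following is an added example, not code from this thread or from AdGuard Home, showing one way an administrator could audit rule text for entries that answer with an address instead of blocking. The function name `audit_rules` and the sample rules are hypothetical and constructed, and the rule text is assumed to be available as a list of lines.

```python
import ipaddress

def audit_rules(lines):
    """Return (line_no, kind, domains, target) for every rule that answers
    with an address or record instead of simply blocking."""
    findings = []
    for no, raw in enumerate(lines, 1):
        line = raw.split("#", 1)[0].strip()      # strip hosts-style comments
        if not line or line.startswith("!"):     # blank or Adblock-style comment
            continue
        # Adblock-style rule carrying the $dnsrewrite modifier.
        pattern, sep, mods = line.partition("$")
        for mod in (mods.split(",") if sep else []):
            if mod.startswith("dnsrewrite"):
                findings.append((no, "dnsrewrite", [pattern], mod.partition("=")[2]))
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not a hosts-format line
        # 0.0.0.0, ::, 127.0.0.1 and ::1 are the usual blocking sinks.
        if ip.is_unspecified or ip.is_loopback:
            continue
        findings.append((no, "hosts", fields[1:], str(ip)))
    return findings

# Constructed sample list (documentation addresses and reserved names only).
SAMPLE = """\
# constructed sample
0.0.0.0 ads.example.net
127.0.0.1 tracker.example.net  # sink
192.0.2.10 intranet.example.com www.intranet.example.com
! adblock comment
||telemetry.example.org^
||portal.example.org^$dnsrewrite=198.51.100.7
:: ads6.example.net
2001:db8::5 v6.example.com
""".splitlines()

if __name__ == "__main__":
    for no, kind, domains, target in audit_rules(SAMPLE):
        print(f"line {no}: {kind} rule sends {' '.join(domains)} to {target}")
```
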