Merge in DNS/adguard-home from 1898-hide-private-key to master Squashed commit of the following: commit 542569bbc098541f8e191cc5c1e5509a65fe2c5f Merge: a07d715f756c7064
Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Fri Aug 27 13:29:15 2021 +0300 Merge branch 'master' into 1898-hide-private-key commit a07d715f0f0932fdad4ec3f1e1a265b43809e21b Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Thu Aug 26 19:45:39 2021 +0300 fix bug commit 9f2b70719a24aab827c2dc300fc94bf2202527a7 Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Thu Aug 26 19:07:17 2021 +0300 fixes commit e79f0e620844531a737fff5a88f5c2cffc403f51 Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Thu Aug 26 18:35:32 2021 +0300 more documentation to god of documentation commit 47790964ed05f50c075f6b6497b1517b0d974bea Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Thu Aug 26 18:23:08 2021 +0300 changed var named && fixed description commit d35de5a34eafb3ffbd1148982dd31735a2000377 Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Thu Aug 26 18:11:13 2021 +0300 revert locales commit 514ab1a5d90039bf9aad1389dd0ed966fd1a7e65 Merge: 5d9b992a16092e8b
Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Thu Aug 26 14:41:27 2021 +0300 Merge branch 'master' into 1898-hide-private-key commit 5d9b992a236dec276a46a035509da6938a7da7bf Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Thu Aug 26 14:41:13 2021 +0300 here we go again commit 2e7b30df5f19953f4e055394083be62b23028ad6 Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Fri Aug 20 17:11:49 2021 +0300 update deps commit 5e58c3e22a77c42f321deb9707f34f031b345d75 Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Fri Aug 20 17:10:19 2021 +0300 small fix commit c2096377de0a8ecf4f36567322ad9171c5fb5ab2 Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Fri Aug 20 17:07:45 2021 +0300 fixes && updated translations commit ada2d4784e6288b1740b8564b6ffc1ef8f0dcf68 Merge: dc5ce072550b1798
Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Fri Aug 20 13:17:34 2021 +0300 Merge branch 'master' into 1898-hide-private-key commit dc5ce0721b5c095ed79f2a302ad90d9616785f93 Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Fri Aug 13 20:12:18 2021 +0300 tls: hide saved private key If private key saved as a string, then hide it from the answer to UI
13 KiB
AdGuard Home API Change Log
v0.107: API changes
The new field "private_key_saved"
in TlsConfig
- The new field
"private_key_saved"
inPOST /control/tls/configure
,POST /control/tls/validate
andGET /control/tls/status
is true if the private key was previously saved as a string and now the private key omitted from communication between server and client due to security issues.
The new field "cache_optimistic"
in DNS configuration
-
The new optional field
"cache_optimistic"
inPOST /control/dns_config
method makes AdGuard Home use or not use the optimistic cache mechanism. -
The new field
"cache_optimistic"
inGET /control/dns_info
method is true if AdGuard Home uses the optimistic cache mechanism.
New possible value of "interval"
field in QueryLogConfig
-
The value of
"interval"
field inPOST /control/querylog_config
andGET /control/querylog_info
methods could now take the value of0.25
. It's equal to 6 hours. -
All the possible values of
"interval"
field are enumerated. -
The type of
"interval"
field is nownumber
instead ofinteger
.
Client IDs in Access Settings
- The
POST /control/access/set
HTTP API now accepts client IDs in"allowed_clients"
and"disallowed_clients"
fields.
The new field "unicode_name"
in DNSQuestion
- The new optional field
"unicode_name"
is the Unicode representation of question's domain name. It is only presented if the original question's domain name is an IDN.
Documentation fix of DNSQuestion
- Previously incorrectly named field
"host"
inDNSQuestion
is now named"name"
.
Disabling Statistics
- The
POST /control/stats_config
HTTP API allows disabling statistics by setting"interval"
to0
.
POST /control/dhcp/reset_leases
- The new
POST /control/dhcp/reset_leases
HTTP API allows removing all leases from the DHCP server's database without erasing its configuration.
The parameter "host"
in GET /apple/*.mobileconfig
is now required.
- The parameter
"host"
inGET
requests for/apple/doh.mobileconfig
and/apple/doh.mobileconfig
is now required to prevent unexpected server name's value.
The new field "default_local_ptr_upstreams"
in GET /control/dns_info
- The new optional field
"default_local_ptr_upstreams"
is the list of IP addresses AdGuard Home would use by default to resolve PTR request for addresses from locally-served networks.
The field "use_private_ptr_resolvers"
in DNS configuration
- The new optional field
"use_private_ptr_resolvers"
of"DNSConfig"
specifies if the DNS server should use"local_ptr_upstreams"
at all.
v0.106: API changes
The field "supported_tags"
in GET /control/clients
- Previously undocumented field
"supported_tags"
in the response is now documented.
The field "whois_info"
in GET /control/clients
- Objects in the
"auto_clients"
array now have the"whois_info"
field.
New response code in POST /control/login
429
is returned when user is out of login attempts. It adds theRetry-After
header with the number of seconds of block left in it.
New "private_upstream"
field in POST /test_upstream_dns
- The new optional field
"private_upstream"
ofUpstreamConfig
contains the upstream servers for resolving locally-served ip addresses to be checked.
New fields "resolve_clients"
and "local_ptr_upstreams"
in DNS configuration
-
The new optional field
"resolve_clients"
ofDNSConfig
is used to turn resolving clients' addresses on and off. -
The new optional field
"local_ptr_upstreams"
of"DNSConfig"
contains the upstream servers for resolving addresses from locally-served networks. The empty"local_ptr_resolvers"
states that AGH should use resolvers provided by the operating system.
New "client_info"
field in GET /querylog
response
- The new optional field
"client_info"
ofQueryLogItem
objects contains a more full information about the client.
v0.105: API changes
New "client_id"
field in GET /querylog
response
- The new field
"client_id"
ofQueryLogItem
objects is the ID sent by the client for encrypted requests, if there was any. See the "Identifying clients" section of our wiki.
New "dnscrypt"
"client_proto"
value in GET /querylog
response
- The field
"client_proto"
can now have the value"dnscrypt"
when the request was sent over a DNSCrypt connection.
New "reason"
in GET /filtering/check_host
and GET /querylog
-
The new
RewriteRule
reason is added toGET /filtering/check_host
andGET /querylog
. -
Also, the reason which was incorrectly documented as
"ReasonRewrite"
is now correctly documented as"Rewrite"
, and the previously undocumented"RewriteEtcHosts"
is now documented as well.
Multiple matched rules in GET /filtering/check_host
and GET /querylog
-
The properties
rule
andfilter_id
are now deprecated. API users should inspect the newly-addedrules
object array instead. For most rules, it's either empty or contains one object, which contains the same things as the old two properties did, but under more correct names:{ // … // Deprecated. "rule": "||example.com^", // Deprecated. "filter_id": 42, // Newly-added. "rules": [{ "text": "||example.com^", "filter_list_id": 42 }] }
For
$dnsrewrite
rules, they contain all rules that contributed to the result. For example, if you have the following filtering rules:||example.com^$dnsrewrite=127.0.0.1 ||example.com^$dnsrewrite=127.0.0.2
The
"rules"
will be something like:{ // … "rules": [{ "text": "||example.com^$dnsrewrite=127.0.0.1", "filter_list_id": 0 }, { "text": "||example.com^$dnsrewrite=127.0.0.2", "filter_list_id": 0 }] }
The old fields will be removed in v0.106.0.
As well as other documentation fixes.
v0.103: API changes
API: replace settings in GET /control/dns_info & POST /control/dns_config
-
added "upstream_mode"
"upstream_mode": "" | "parallel" | "fastest_addr"
-
removed "fastest_addr", "parallel_requests"
API: Get querylog: GET /control/querylog
- Added optional "offset" and "limit" parameters
We are still using "older_than" approach in AdGuard Home UI, but we realize that it's easier to use offset/limit so here is this option now.
v0.102: API changes
API: Get general status: GET /control/status
- Removed "upstream_dns", "bootstrap_dns", "all_servers" parameters
API: Get DNS general settings: GET /control/dns_info
- Added "parallel_requests", "upstream_dns", "bootstrap_dns" parameters
Request:
GET /control/dns_info
Response:
200 OK
{
"upstream_dns": ["tls://...", ...],
"bootstrap_dns": ["1.2.3.4", ...],
"protection_enabled": true | false,
"ratelimit": 1234,
"blocking_mode": "default" | "nxdomain" | "null_ip" | "custom_ip",
"blocking_ipv4": "1.2.3.4",
"blocking_ipv6": "1:2:3::4",
"edns_cs_enabled": true | false,
"dnssec_enabled": true | false
"disable_ipv6": true | false,
"fastest_addr": true | false, // use Fastest Address algorithm
"parallel_requests": true | false, // send DNS requests to all upstream servers at once
}
API: Set DNS general settings: POST /control/dns_config
- Added "parallel_requests", "upstream_dns", "bootstrap_dns" parameters
- removed /control/set_upstreams_config method
Request:
POST /control/dns_config
{
"upstream_dns": ["tls://...", ...],
"bootstrap_dns": ["1.2.3.4", ...],
"protection_enabled": true | false,
"ratelimit": 1234,
"blocking_mode": "default" | "nxdomain" | "null_ip" | "custom_ip",
"blocking_ipv4": "1.2.3.4",
"blocking_ipv6": "1:2:3::4",
"edns_cs_enabled": true | false,
"dnssec_enabled": true | false
"disable_ipv6": true | false,
"fastest_addr": true | false, // use Fastest Address algorithm
"parallel_requests": true | false, // send DNS requests to all upstream servers at once
}
Response:
200 OK
v0.101: API changes
API: Refresh filters: POST /control/filtering/refresh
- Added "whitelist" boolean parameter
- Response is in JSON format
Request:
POST /control/filtering/refresh
{
"whitelist": true
}
Response:
200 OK
{
"updated": 123 // number of filters updated
}
v0.100: API changes
API: Get list of clients: GET /control/clients
- "ip" and "mac" fields are removed
- "ids" and "ip_addrs" fields are added
Response:
200 OK
{
clients: [
{
name: "client1"
ids: ["...", ...] // IP or MAC
ip_addrs: ["...", ...] // all IP addresses (set by user and resolved by MAC)
use_global_settings: true
filtering_enabled: false
parental_enabled: false
safebrowsing_enabled: false
safesearch_enabled: false
use_global_blocked_services: true
blocked_services: [ "name1", ... ]
whois_info: {
key: "value"
...
}
}
]
auto_clients: [
{
name: "host"
ip: "..."
source: "etc/hosts" || "rDNS"
whois_info: {
key: "value"
...
}
}
]
}
API: Add client: POST /control/clients/add
- "ip" and "mac" fields are removed
- "ids" field is added
Request:
POST /control/clients/add
{
name: "client1"
ids: ["...", ...] // IP or MAC
use_global_settings: true
filtering_enabled: false
parental_enabled: false
safebrowsing_enabled: false
safesearch_enabled: false
use_global_blocked_services: true
blocked_services: [ "name1", ... ]
}
API: Update client: POST /control/clients/update
- "ip" and "mac" fields are removed
- "ids" field is added
Request:
POST /control/clients/update
{
name: "client1"
data: {
name: "client1"
ids: ["...", ...] // IP or MAC
use_global_settings: true
filtering_enabled: false
parental_enabled: false
safebrowsing_enabled: false
safesearch_enabled: false
use_global_blocked_services: true
blocked_services: [ "name1", ... ]
}
}
v0.99.3: API changes
API: Get query log: GET /control/querylog
The response data is now a JSON object, not an array.
Response:
200 OK
{
"oldest":"2006-01-02T15:04:05.999999999Z07:00"
"data":[
{
"answer":[
{
"ttl":10,
"type":"AAAA",
"value":"::"
}
...
],
"client":"127.0.0.1",
"elapsedMs":"0.098403",
"filterId":1,
"question":{
"class":"IN",
"host":"doubleclick.net",
"type":"AAAA"
},
"reason":"FilteredBlackList",
"rule":"||doubleclick.net^",
"status":"NOERROR",
"time":"2006-01-02T15:04:05.999999999Z07:00"
}
...
]
}
v0.99.1: API changes
API: Get current user info: GET /control/profile
Request:
GET /control/profile
Response:
200 OK
{
"name":"..."
}
Set DNS general settings: POST /control/dns_config
Replaces these API methods:
POST /control/enable_protection
POST /control/disable_protection
Request:
POST /control/dns_config
{
"protection_enabled": true | false,
"ratelimit": 1234,
"blocking_mode": "nxdomain" | "null_ip" | "custom_ip",
"blocking_ipv4": "1.2.3.4",
"blocking_ipv6": "1:2:3::4",
}
Response:
200 OK
v0.99: incompatible API changes
- A note about web user authentication
- Set filtering parameters: POST /control/filtering/config
- Set filter parameters: POST /control/filtering/set_url
- Set querylog parameters: POST /control/querylog_config
- Get statistics data: GET /control/stats
A note about web user authentication
If AdGuard Home's web user is password-protected, a web client must use authentication mechanism when sending requests to server. Basic access authentication is the most simple method - a client must pass Authorization
HTTP header along with all requests:
Authorization: Basic BASE64_DATA
where BASE64_DATA is base64-encoded data for username:password
string.
Set filtering parameters: POST /control/filtering/config
Replaces these API methods:
POST /control/filtering/enable
POST /control/filtering/disable
Request:
POST /control/filtering_config
{
"enabled": true | false
"interval": 0 | 1 | 12 | 1*24 | 3*24 | 7*24
}
Response:
200 OK
Set filter parameters: POST /control/filtering/set_url
Replaces these API methods:
POST /control/filtering/enable_url
POST /control/filtering/disable_url
Request:
POST /control/filtering/set_url
{
"url": "..."
"enabled": true | false
}
Response:
200 OK
Set querylog parameters: POST /control/querylog_config
Replaces these API methods:
POST /querylog_enable
POST /querylog_disable
Request:
POST /control/querylog_config
{
"enabled": true | false
"interval": 1 | 7 | 30 | 90
}
Response:
200 OK
Get statistics data: GET /control/stats
Replaces these API methods:
GET /control/stats_top
GET /control/stats_history
Request:
GET /control/stats
Response:
200 OK
{
time_units: hours | days
// total counters:
num_dns_queries: 123
num_blocked_filtering: 123
num_replaced_safebrowsing: 123
num_replaced_safesearch: 123
num_replaced_parental: 123
avg_processing_time: 123.123
// per time unit counters
dns_queries: [123, ...]
blocked_filtering: [123, ...]
replaced_parental: [123, ...]
replaced_safebrowsing: [123, ...]
top_queried_domains: [
{host: 123},
...
]
top_blocked_domains: [
{host: 123},
...
]
top_clients: [
{IP: 123},
...
]
}