Provide an option for blocking internal IP addresses #102

Open
ameshkov opened this issue Dec 25, 2016 · 2 comments · May be fixed by #2397
Comments

@ameshkov
Member

https://forum.adguard.com/index.php?threads/adguard-dns-discuss.18080/

Cannot block internal IP addresses - DNS responses containing IP addresses listed in RFC1918 should be filtered out to mitigate DNS Rebinding attacks. For example, if badstuff.attacker.com points to 192.168.1.1 then that response should be filtered out. (OpenDNS allows this option and adguard should too)

ameshkov added a commit that referenced this issue Nov 20, 2018
… to master

* commit '166bc72ff34f839d205166b3d560e97e8d6cf208':
  Fix tests
  Fix binary search in the whitelist
  Added ratelimit whitelist and tests
@ghost ghost mentioned this issue Feb 28, 2020
@dartraiden

dartraiden commented May 4, 2020

Also please make it customizable (for example, this VPN server resolves some domains as 10.0.0.0/8, so this address range should be excluded from rebind protection)

@ameshkov
Member Author

@dartraiden please note that you already can block IP addresses using custom rules:

  • |10.* will block 10.0.0.0/8
  • |192.168.* will block 192.168.0.0/16

etc

@juniorz juniorz linked a pull request Dec 5, 2020 that will close this issue
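
The response filtering requested in this issue, together with the per-range exclusion asked for in the comments, sketched as an added example (not AdGuard's code and not the linked pull request). The function names and sample answers are constructed, and it assumes the resolver hands over each response's answer addresses as strings; only the RFC 1918 ranges named in the issue are checked.

```go
package main

import "fmt"
import "net/netip"

// The three RFC 1918 ranges named in the issue.
var rfc1918 = []netip.Prefix{
	netip.MustParsePrefix("10.0.0.0/8"),
	netip.MustParsePrefix("172.16.0.0/12"),
	netip.MustParsePrefix("192.168.0.0/16"),
}

func inAny(a netip.Addr, set []netip.Prefix) bool {
	for _, p := range set {
		if p.Contains(a) {
			return true
		}
	}
	return false
}

// filterAnswers (hypothetical) sorts answers into kept/dropped; exempt = operator-excluded CIDRs.
func filterAnswers(answers, exempt []string) (kept, dropped []string, err error) {
	var ex []netip.Prefix
	for _, s := range exempt {
		p, err := netip.ParsePrefix(s)
		if err != nil {
			return nil, nil, fmt.Errorf("bad exempt range %q: %w", s, err)
		}
		ex = append(ex, p)
	}
	for _, s := range answers {
		a, err := netip.ParseAddr(s)
		if err != nil {
			return nil, nil, fmt.Errorf("bad answer %q: %w", s, err)
		}
		a = a.Unmap() // ::ffff:192.168.1.1 must match like 192.168.1.1
		if inAny(a, rfc1918) && !inAny(a, ex) {
			dropped = append(dropped, s)
			continue
		}
		kept = append(kept, s)
	}
	return kept, dropped, nil
}

func main() { // constructed sample answers; 203.0.113.10 is a documentation address
	fmt.Println(filterAnswers([]string{"192.168.1.1", "203.0.113.10", "10.8.0.5"}, []string{"10.0.0.0/8"}))
}
```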