From: Remi Gacogne Date: Wed, 17 Jun 2020 13:54:04 +0000 (+0200) Subject: dnsdist: Better examples for the webserver's ACL X-Git-Tag: dnsdist-1.5.0-rc4~24^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F9254%2Fhead;p=thirdparty%2Fpdns.git dnsdist: Better examples for the webserver's ACL --- diff --git a/pdns/dnsdistdist/docs/guides/webserver.rst b/pdns/dnsdistdist/docs/guides/webserver.rst index bc0de3eafe..01e6992e9d 100755 --- a/pdns/dnsdistdist/docs/guides/webserver.rst +++ b/pdns/dnsdistdist/docs/guides/webserver.rst @@ -9,11 +9,11 @@ To visually interact with dnsdist, try add :func:`webserver` to the configuratio Now point your browser at http://127.0.0.1:8083 and log in with any username, and that password. Enjoy! -Since 1.5.0, only connections from 127.0.0.1 and ::1 are allowed by default. To allow connections from 192.0.2.1, instead: +Since 1.5.0, only connections from 127.0.0.1 and ::1 are allowed by default. To allow connections from 192.0.2.0/24 but not from 192.0.2.1, instead: .. code-block:: lua - webserver("127.0.0.1:8083", "supersecretpassword", "supersecretAPIkey", {}, "192.0.2.1") + webserver("127.0.0.1:8083", "supersecretpassword", "supersecretAPIkey", {}, "192.0.2.0/24, !192.0.2.1") Security of the Webserver diff --git a/pdns/dnsdistdist/docs/reference/config.rst b/pdns/dnsdistdist/docs/reference/config.rst index 82fa5d9a30..2a036de868 100644 --- a/pdns/dnsdistdist/docs/reference/config.rst +++ b/pdns/dnsdistdist/docs/reference/config.rst @@ -308,7 +308,7 @@ Webserver configuration :param str password: The password required to access the webserver :param str apikey: The key required to access the API :param {[str]=str,...} custom_headers: Allows setting custom headers and removing the defaults - :param str acl: List of IP addresses, as a string, that are allowed to open a connection to the web server. Defaults to "127.0.0.1, ::1". + :param str acl: List of netmasks, as a string, that are allowed to open a connection to the web server. Defaults to "127.0.0.1, ::1". It accepts the same syntax that :func:`NetmaskGroup:addMask` does .. function:: setAPIWritable(allow [,dir])