From ae548fee433a647c1d1bc34ee3a4e85edc4c3f75 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Wed, 17 Jun 2020 15:54:04 +0200 Subject: [PATCH] dnsdist: Better examples for the webserver's ACL --- pdns/dnsdistdist/docs/guides/webserver.rst | 4 ++-- pdns/dnsdistdist/docs/reference/config.rst | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pdns/dnsdistdist/docs/guides/webserver.rst b/pdns/dnsdistdist/docs/guides/webserver.rst index bc0de3eafe..01e6992e9d 100755 --- a/pdns/dnsdistdist/docs/guides/webserver.rst +++ b/pdns/dnsdistdist/docs/guides/webserver.rst @@ -9,11 +9,11 @@ To visually interact with dnsdist, try add :func:`webserver` to the configuratio Now point your browser at http://127.0.0.1:8083 and log in with any username, and that password. Enjoy! -Since 1.5.0, only connections from 127.0.0.1 and ::1 are allowed by default. To allow connections from 192.0.2.1, instead: +Since 1.5.0, only connections from 127.0.0.1 and ::1 are allowed by default. To allow connections from 192.0.2.0/24 but not from 192.0.2.1, instead: .. code-block:: lua - webserver("127.0.0.1:8083", "supersecretpassword", "supersecretAPIkey", {}, "192.0.2.1") + webserver("127.0.0.1:8083", "supersecretpassword", "supersecretAPIkey", {}, "192.0.2.0/24, !192.0.2.1") Security of the Webserver diff --git a/pdns/dnsdistdist/docs/reference/config.rst b/pdns/dnsdistdist/docs/reference/config.rst index 82fa5d9a30..2a036de868 100644 --- a/pdns/dnsdistdist/docs/reference/config.rst +++ b/pdns/dnsdistdist/docs/reference/config.rst @@ -308,7 +308,7 @@ Webserver configuration :param str password: The password required to access the webserver :param str apikey: The key required to access the API :param {[str]=str,...} custom_headers: Allows setting custom headers and removing the defaults - :param str acl: List of IP addresses, as a string, that are allowed to open a connection to the web server. Defaults to "127.0.0.1, ::1". + :param str acl: List of netmasks, as a string, that are allowed to open a connection to the web server. Defaults to "127.0.0.1, ::1". It accepts the same syntax that :func:`NetmaskGroup:addMask` does .. function:: setAPIWritable(allow [,dir]) -- 2.47.2