Pull request: Added $denyallow spec

Merge in DNS/adguard-home-wiki from denyallow to master

Squashed commit of the following:

commit 9ea7f9b0550bd5a8df96ffeca325733581658885
Author: Andrey Meshkov <am@adguard.com>
Date:   Mon Apr 26 15:47:22 2021 +0300

    fix typo

commit 8080165fd4406b7da7174417871c0be9e1659756
Author: Andrey Meshkov <am@adguard.com>
Date:   Mon Apr 26 15:46:07 2021 +0300

    Added  spec
Andrey Meshkov 2021-04-26 15:50:04 +03:00
parent 782b34d0dc
commit 10c8e7e43a
1 changed files with 43 additions and 0 deletions

@ -7,6 +7,7 @@
* [Regular expressions support](#regular-expressions) * [Regular expressions support](#regular-expressions)
* [Rule modifiers](#modifiers) * [Rule modifiers](#modifiers)
* [client](#client) * [client](#client)
* [denyallow](#denyallow)
* [dnstype](#dnstype) * [dnstype](#dnstype)
* [dnsrewrite](#dnsrewrite) * [dnsrewrite](#dnsrewrite)
* [important](#important) * [important](#important)
@ -142,6 +143,48 @@ Client names usually contain spaces or other special characters, that's why you
* `||example.org^$client=~Mom|~Dad|Kids` -- block `example.org` for `Kids`, but not for `Mom` and `Dad`. This example demonstrates how to specify multiple clients in one rule. * `||example.org^$client=~Mom|~Dad|Kids` -- block `example.org` for `Kids`, but not for `Mom` and `Dad`. This example demonstrates how to specify multiple clients in one rule.
* `||example.org^$client=192.168.0.0/24` -- block `example.org` for all clients with IP addresses in the range `192.168.0.0-192.168.0.255` * `||example.org^$client=192.168.0.0/24` -- block `example.org` for all clients with IP addresses in the range `192.168.0.0-192.168.0.255`
#### <a id="denyallow"></a> `denyallow`
(Since **v0.106.0**.)
You can use the `$denyallow` modifier to exclude domains from the blocking rule.
To add multiple domains to one rule, use the `|` character as a separator.
The syntax is:
```
$denyallow=domain1|domain2|...
```
It allows avoiding creating unnecessary "exception" rules when our blocking rule
covers too many domains. Here's a simple use-case, you may want to block
everything save for a couple of TLD domains. You could use the standard approach,
i.e. rules like this:
```
! Block everything
/.*/
! Unblock a couple of TLDs
@@||com^
@@||net^
```
The problem with this approach is that this way you will also unblock tracking
domains that are located on those TLDs (i.e. `google-analytics.com`).
Here's how to solve this with `$denyallow`:
```
*$denyallow=com|net
```
**Examples**
* `*$denyallow=com|net` — Block everything save for `*.com` and `*.net`.
* `@@*$denyallow=com|net` — Unblock everything save for `*.com` and `*.net`.
* `||example.org^$denyallow=sub.example.org` — Block `example.org` and
`*.example.org`, but don't block `sub.example.org`.
#### <a id="dnstype"></a> `dnstype` #### <a id="dnstype"></a> `dnstype`
(Since **v0.105.0**.) (Since **v0.105.0**.)