Pull request 168: 5799-healthcheck-access

Merge in GO/adguard-home-wiki from 5799-healthcheck-access to master

Squashed commit of the following:

commit 339fc0b7d1e1920d5a1393a0b45d3e5383aeb22c
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Thu May 18 18:53:20 2023 +0300

    Configuration: fix links

commit 758f60eff4dbec362370ba8ce9f5f612f61f1a5d
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Thu May 18 18:44:31 2023 +0300

    all: imp healthcheck docs
Eugene Burkov 2023-05-18 19:52:31 +03:00
parent 13259ceec6
commit 99953490ed
2 changed files with 28 additions and 5 deletions

@ -450,10 +450,29 @@ Settings are stored in [YAML format](https://en.wikipedia.org/wiki/YAML), possib
requests and log the values sent by the clients in the query log. Please
note that ECS option will be added automatically for clients with public
IP addresses only.
- **Access settings**
- `allowed_clients` — IP addresses of allowed clients
- `disallowed_clients` — IP addresses of clients that should be blocked
- `blocked_hosts` — Hosts that should be blocked
- **Access settings:**
- `allowed_clients`: The list of CIDRs, IP addresses or ClientIDs of allowed
DNS clients. If this list has entries, AdGuard Home will accept requests
only from these clients.
See also the note in the [Docker wiki page][docker-conf] about using this
property within a container.
- `disallowed_clients`: The list of CIDRs, IP addresses, or ClientIDs of
disallowed DNS clients. If this list has entries, AdGuard Home will drop
requests from these clients. Note that this field is ignored if there are
entries in `allowed_clients`.
See also the note in the [Docker wiki page][docker-conf] about using this
property within a container.
- `blocked_hosts`: The list of domain names, wildcards or filtering rules to
match requests that shouldn't be processed at all. These wiil be ignored
by statistics and query log as well.
See also the note in the [Docker wiki page][docker-conf] about using this
property within a container.
- `trusted_proxies` (**since v0.107.0**) The list of IP addresses and CIDR
prefixes of trusted HTTP proxy servers. If a DNS-over-HTTPS request comes
from one of these addresses or networks, AdGuard Home uses the provided
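Review bot: the new `blocked_hosts` entry has a typo, "These wiil be ignored" should read "These will be ignored". In the same hunk the sentence "See also the note in the [Docker wiki page][docker-conf] about using this property within a container." is repeated verbatim under `allowed_clients`, `disallowed_clients` and `blocked_hosts`; one sentence after the three items that names all of them would be easier to keep in sync. The list wording is also inconsistent between "CIDRs, IP addresses or ClientIDs" and "CIDRs, IP addresses, or ClientIDs", so pick one form for both entries.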
@ -629,6 +648,7 @@ Removing an entry from settings file will reset it to the default value. Deletin
[DHCP]: https://github.com/AdguardTeam/AdGuardHome/wiki/DHCP
[DNSCrypt]: https://github.com/AdguardTeam/AdGuardHome/wiki/DNSCrypt
[docker-conf]: https://github.com/AdguardTeam/AdGuardHome/wiki/Docker#configuration
[`dnscrypt`]: https://github.com/ameshkov/dnscrypt
[DDR]: https://www.ietf.org/archive/id/draft-ietf-add-ddr-06.html
[tls-names]: https://pkg.go.dev/crypto/tls#pkg-constants
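Review bot: the added `[docker-conf]` definition targets the `#configuration` fragment of the Docker page, but the Docker change in this pull request only shows the healthcheck paragraph and no heading. Please confirm that the paragraph sits under a heading that renders to that fragment, otherwise the three new "See also" links will land at the top of the page instead of on the healthcheck note.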

@ -162,7 +162,10 @@ mechanism. The implementation uses special reserved domain name
`healthcheck.adguardhome.test.`, expecting it to resolve into NODATA answer. It
imposes restrictions on usage of this particular name, so specifying it within
the `blocked_hosts` array under the `dns` section of configuration file will
certainly break the healthcheck.
certainly break the healthcheck. For the same reason the `allowed_clients`
**should** contain and `disallowed_clients` **should not** contain the
`127.0.0.1` (`localhost`) address, which is used as a source of healthcheck
requests.
[YAML]: https://yaml.org
[conf]: https://github.com/AdguardTeam/Adguardhome/wiki/Configuration
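Review bot: the added sentence states that `allowed_clients` **should** contain `127.0.0.1` without any condition, while the Configuration text in this same change says the list only takes effect "If this list has entries". A reader with an empty `allowed_clients` who follows this literally would add `127.0.0.1` as the only entry and end up accepting requests from the local host alone. Suggest conditioning it, for example: "if `allowed_clients` is not empty, it should include `127.0.0.1`, and `disallowed_clients` should never include it". The phrase "should contain and ... should not contain the `127.0.0.1`" is also hard to parse, so splitting it into two clauses would help.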