Tuesday 15 March 2022

AdGuard Home and time based rules

I have to say, I really like AdGuard Home (AGH)... and I am a bit torn between PiHole and AGH. PiHole seems to have better dashboard and allows to drill more into logs, but AGH has more features, so in a way it is horses for courses.

Recently a new use case came up for me - to block certain websites/services based on time of day. Think of it as technical layer of parental controls. I call it technical layer, because I know a conversation with a child is way more effective than any technical solution. At the same time kids being kids (even the most obedient and respectful ones) will sooner or later try to see if something is really blocked or is dad bluffing. Let them... it's good they try.

AGH API

AGH has a working API that is documented here. If you paste the contents of openapi.yaml into web based Swagger Editor, you will be able to easily navigate through the API docs.

AGH requires user to authenticate when using the API, so let's assume our username is admin and password is password. Invoking API is as simple as adding a HTTP header and encoding admin:password as Base64 string to include in the header - you can use CyberChef for this.

curl -H 'Authorization: Basic YWRtaW46cGFzc3dvcmQK' ...

 Here we are interested in 2 API endpoints:

  • /control/filtering/add_url
  • /control/filtering/remove_url
Swagger Editor shows us exact invocation method with examples:


Adding a block list


You need to publish somewhere on the web a text file with your blacklist/whitelist rules - any place will do as long as AGH can reach it to load the file. URL for this file will be the value of url field in the request. We give the list entry a name of our choice and define if this is a whitelist entry (when set to true) or not (if set to false). 


Example


Rules file can be even hosted on pastebin if they are not changing too often - here's Roblox blocking one.

Adding block:
curl -H 'Authorization: Basic YWRtaW46cGFzc3dvcmQK' -d '{"name": "Roblox block", "url": "https://pastebin.com/raw/SHpeyr1C", "whitelist": false}' http://agh.local/control/filtering/add_url

    Removing block:

    curl -H 'Authorization: Basic YWRtaW46cGFzc3dvcmQK' -d '{"url":"https://pastebin.com/raw/SHpeyr1C"}' http://agh.local/control/filtering/remove_url

      Now add a bit of cron and you job is done.

      No comments:

      Post a Comment