Skip to content

Commit

Permalink
v6.26 (#3054)
Browse files Browse the repository at this point in the history
+ DietPi-Software | Pi-hole: Block access to blocking page from web by default and offer to do the same for admin panel during install
  • Loading branch information
Atk authored and MichaIng committed Aug 19, 2019
1 parent 52bb2a6 commit 9193d78
Show file tree
Hide file tree
Showing 3 changed files with 26 additions and 0 deletions.
6 changes: 6 additions & 0 deletions .conf/dps_93/lighttpd.block_nonlocal_admin.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
# Block non-LAN access to Pi-hole admin panel
$HTTP["url"] =~ "^(/html)?/admin(/|$)" {
$HTTP["remoteip"] !~ "^1(27|92.168|0|72.(1[6-9]|2[0-9]|3[0-1]))\." {
url.access-deny = ("")
}
}
9 changes: 9 additions & 0 deletions .conf/dps_93/lighttpd.pihole.conf
Original file line number Diff line number Diff line change
Expand Up @@ -18,3 +18,12 @@ $HTTP["url"] =~ "^/admin/" {
$HTTP["url"] =~ "^/admin/\.(.*)" {
url.access-deny = ("")
}

# If it's a request to Pi-hole blocking page...
$HTTP["url"] =~ "^(/html)?/pihole(/|$)" {
# ... and the request isn't local
$HTTP["remoteip"] !~ "^1(27|92.168|0|72.(1[6-9]|2[0-9]|3[0-1]))\." {
# block!
url.access-deny = ("")
}
}
11 changes: 11 additions & 0 deletions dietpi/dietpi-software
Original file line number Diff line number Diff line change
Expand Up @@ -8756,6 +8756,17 @@ _EOF_
dps_index=$software_id Download_Install 'lighttpd.pihole.conf' /etc/lighttpd/conf-available/99-dietpi-pihole.conf
lighttpd-enable-mod dietpi-pihole

# Ask user if they want to block report access to the admin page
dps_index=$software_id Download_Install 'lighttpd.block_nonlocal_admin.conf' /etc/lighttpd/conf-available/99-dietpi-pihole-block_nonlocal_admin.conf

G_WHIP_BUTTON_OK_TEXT='YES'
G_WHIP_BUTTON_CANCEL_TEXT='NO'
G_WHIP_YESNO "In order to increase security, it is recommended that you block remote access to the Pi-hole admin panel, so that unless you're on a local network, the Pi-hole admin panel isn't accessible.\n
You can always enable/disable this at a later point using the commands:
- lighttpd-enable-mod dietpi-pihole-block_nonlocal_admin
- lighttpd-disable-mod dietpi-pihole-block_nonlocal_admin\n
Do you want to block remote access to the admin panel now?" && lighttpd-enable-mod dietpi-pihole-block_nonlocal_admin

fi

# Create symlinks to align Pi-hole admin and blocking page relative to webroot
Expand Down

0 comments on commit 9193d78

Please sign in to comment.