Comments (4)
Interesting... I've not thought of this usage, but I'm sure it can be manually modified or an editable approved list of domain names can be implemented. The reason for those lines is to make sure that ads aren't trying to whitelist themselves, which would be a bad thing.
from adminlte.
Thanks for clarifying! I suspected it being a kind of "security feature". Quite sure this won't be an issue for 99.9% of users though.
It might even be sufficient to just show an error message that an entry could not be added due to not using pi.hole or the IP address for AdminLTE access.
Cheers
/Jens
from adminlte.
I looked into using the SERVER_NAME variable to securely verify access but found out it isn't always safe from tampering after some reading (nor is the $HTTP_HOST currently used, but I assume it's there for non-Chrome browsers): https://stackoverflow.com/questions/1459739/php-serverhttp-host-vs-serverserver-name-am-i-understanding-the-ma
That post talks about Apache, but it seems that in lighttpd SERVER_NAME also inherits from HTTP_HOST when I tested. I tested this in my NGINX Alpine Docker container too and it seems to happily report NOTHING when no hostname is set instead of HTTP_HOST. So that's a much better default configuration and would actually make SERVER_NAME safe.
_SERVER["SERVER_NAME"] no value
vs
_SERVER["HTTP_HOST"] pihole.diginc.lan
from adminlte.
I made a similar suggestion in our Slack yesterday that might get around this:
Perhaps we could read the existing host name out, if it is there, and if not, set it to pi.hole as default, with the option of giving the user a chance to set their own.
Then we set that in those lines there, and then when they access it with their host name, as they expect to be able to do, it will work?
from adminlte.
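The check discussed in this thread, written as an added example that is not AdminLTE's own code: the Host header is normalised and compared by exact match against an editable list of approved names, and neither HTTP_HOST nor SERVER_NAME is trusted on its own. The function names, the address 192.0.2.10 and the sample requests are assumptions made for illustration; pihole.diginc.lan stands in for a user-configured name.

```php
<?php
// Added illustration, not Pi-hole/AdminLTE code. Function names and the
// address 192.0.2.10 are hypothetical; sample requests are constructed.

// Reduce a Host header to a bare lowercase name or IP, or null if malformed.
function normalize_host(?string $raw): ?string
{
    $host = strtolower(trim((string) $raw));
    // Bracketed IPv6 literal with optional port, e.g. [::1]:8080
    if (preg_match('/^\[([0-9a-f:.]+)\](?::\d{1,5})?$/', $host, $m)) {
        return filter_var($m[1], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) ? $m[1] : null;
    }
    // Strip an optional port and a trailing dot from names and IPv4 literals.
    $host = rtrim(preg_replace('/:\d{1,5}$/', '', $host), '.');
    if (filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        return $host;
    }
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    $ok = strlen($host) <= 253 && preg_match("/^$label(?:\\.$label)*$/", $host);
    return $ok ? $host : null;
}

// Neither HTTP_HOST nor SERVER_NAME is trusted on its own: SERVER_NAME can
// mirror the client's Host header or be empty, depending on the web server.
// The only authority is the approved list, compared by exact match.
function is_approved_host(array $server, array $approved): bool
{
    $host = normalize_host($server['HTTP_HOST'] ?? null);
    return $host !== null && in_array($host, $approved, true);
}

// Defaults plus one user-configured name, as proposed in the thread.
$approved = ['pi.hole', 'localhost', '192.0.2.10', 'pihole.diginc.lan'];

$requests = [
    ['HTTP_HOST' => 'pi.hole'],
    ['HTTP_HOST' => 'PiHole.Diginc.LAN:8080', 'SERVER_NAME' => ''],
    ['HTTP_HOST' => 'ads.example.com', 'SERVER_NAME' => 'ads.example.com'],
    ['HTTP_HOST' => 'pi.hole.ads.example.com'],
    ['HTTP_HOST' => 'pi.hole/../x'],
    [],
];
foreach ($requests as $r) {
    $verdict = is_approved_host($r, $approved) ? 'allow' : 'deny: host not on approved list';
    printf("%-26s %s\n", $r['HTTP_HOST'] ?? '(no Host header)', $verdict);
}
```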