* doc: filtering logic with a diagram

This commit is contained in:
Simon Zolin 2019-12-02 14:34:06 +03:00
parent e8885dbf3e
commit 7c0b2d8ede
3 changed files with 21 additions and 1 deletions

View File

@ -61,7 +61,7 @@ Contents:
## Relations between subsystems
![](agh-arch.png)
![](doc/agh-arch.png)
@ -1184,6 +1184,26 @@ Response:
## Filtering
![](doc/agh-filtering.png)
This is how DNS requests and responses are filtered by AGH:
* 'dnsproxy' module receives DNS request from client and passes control to AGH
* AGH applies filtering logic to the host name in DNS Question:
* process Rewrite rules
* match host name against filtering lists
* match host name against blocked services rules
* process SafeSearch rules
* request SafeBrowsing & ParentalControl services and process their response
* If the handlers above create a successful result that can be immediately sent to a client, it's passed back to 'dnsproxy' module
* Otherwise, AGH passes the DNS request to an upstream server via 'dnsproxy' module
* After 'dnsproxy' module has received a response from an upstream server, it passes control back to AGH
* If the filtering logic for DNS request returned a 'whitelist' flag, AGH passes the response to a client
* Otherwise, AGH applies filtering logic to each DNS record in response:
* For CNAME records, the target name is matched against filtering lists (ignoring 'whitelist' rules)
* For A and AAAA records, the IP address is matched against filtering lists (ignoring 'whitelist' rules)
### Filters update mechanism
Filters can be updated either manually by request from UI or automatically.

View File

Before

Width:  |  Height:  |  Size: 84 KiB

After

Width:  |  Height:  |  Size: 84 KiB

BIN
doc/agh-filtering.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 67 KiB