diff options
| author |  George Shammas <georgyo@gmail.com>
| 2021-02-01 09:52:23 -0500 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2021-02-01 06:52:23 -0800 |
| commit | 117a389e40832cdbee69bd9daa04ca35611082ff (patch) | |
| tree | 93303c8a557e3118aa529a5742053a1a9a47cb05 /plugin/acl/setup.go | |
| parent | d289b4ea2623dcd0dd13ab7ed88ab764a7408f91 (diff) | |
| download | coredns-117a389e40832cdbee69bd9daa04ca35611082ff.tar.gz coredns-117a389e40832cdbee69bd9daa04ca35611082ff.tar.zst coredns-117a389e40832cdbee69bd9daa04ca35611082ff.zip | |
plugin/acl: add the ability to filter records (#4389)
Currently ACLs only allow for allow and block, however it isn't
always desirable to set the status code to REFUSED. Often times
you want to completely hide the fact that those records even exist.
Adding the ability to acl to filter results makes it significantly
harder for a third party to know that the records are being masked.
Signed-off-by: George Shammas <george@shamm.as>
Diffstat (limited to 'plugin/acl/setup.go')
| -rw-r--r-- | plugin/acl/setup.go | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/plugin/acl/setup.go b/plugin/acl/setup.go index d00ec7796..1a688a485 100644 --- a/plugin/acl/setup.go +++ b/plugin/acl/setup.go @@ -61,8 +61,10 @@ func parse(c *caddy.Controller) (ACL, error) { p.action = actionAllow } else if action == "block" { p.action = actionBlock + } else if action == "filter" { + p.action = actionFilter } else { - return a, c.Errf("unexpected token %q; expect 'allow' or 'block'", c.Val()) + return a, c.Errf("unexpected token %q; expect 'allow', 'block', or 'filter'", c.Val()) } p.qtypes = make(map[uint16]struct{}) |