Temporarily disable with API (and via UI)

[shapiro125]

In order to make this work, we need to change how the "Disable protection" button looks like.

Use the same approach as for the "Block" button in the Query Log:

There's a fixed list of options that can be used:

• Pause for 30 seconds
• Pause for 1 minute
• Pause for 10 minutes
• Pause for 1 hour
• Pause until tomorrow

When the protection is paused temporarily, "Enable protection" button becomes a countdown:

Original feature request text (replaced by @ameshkov)

Hello -- I'm trying to figure out if there's a way to disable AdGuard Home temporarily within the API. For example, Pi-hole allows disabling for some number of seconds through theirs (http://pi.hole/admin/api.php?disable=300). Unless I'm missing something, I've only figured out how to switch on vs off or make a script that switches it off, sleeps for a certain number of seconds, and then switches it back on.

Thanks!

[ameshkov]

Yeah, there's no such API method at the moment, start-sleep-stop is the only way.

[shapiro125]

Thanks!

[szolin]

Can we close this issue? I doubt that we really need a new API method to temporarily disable the filtering.

[ameshkov]

It depends on the users. If there will be upvotes, we'll consider it.

Generally, I'd better keep all feature requests open until we are 100% sure that we won't do it.

[Klizzy]

i would like to see this feature too!

[lolgast1987]

I'd like this feature too

[SwissOS]

I would really like this feature too. The scenario is like this: I can easily turn on/off AdGuard Home from the web interface, but my wife/kids are not so technical. I could then just make a shortcut on their iphone to turn off the filtering for a short time (say 5 minutes) to test if AdGuard is blocking the website they want to visit.
What do you think?

[ameshkov]

Guys, please add upvotes then (upvote reaction on the issue)

[Aikatsui]

Alternative UI solution #997 #1203 #1450

but my wife/kids are not so technical.

@danielp123 I understand but you may able to create account for them and add a timed allow list with single rule to unblock all domains for 5min. In this cause; i'm not prefer to see AGH become too simple tool.

[WildByDesign]

@ameshkov Along with this feature request to temporarily disable filtering via API, and a good reason for making this feature, would be to integrate this "Temporarily disable AdGuard Home DNS filtering protection" API feature into AdGuard for Windows, AdGuard browser extensions, etc.

I am a long time user of AdGuard for Windows. Quite often, I have to temporarily disable the AGH DNS filtering because it causes problems on kids iPad games and certain things that other users may need to do from time to time.

This may be a tricky request though, in that regard.

[shapiro125]

@ameshkov – I know this issue has gone to a bunch of different places, but I've been using:

curl -X POST "http://[URL]/control/dns_config" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"protection_enabled\": false}"

to enable and disable filtering. Unfortunately, I've noticed that even though filtering is now disabled, the domain is cached as blocked so you have to wait for the cache to clear before the domain will work again. Is this a separate issue that I should file or is there a different API call to turn AdGuard Home off?

Thanks for everything, it's a great piece of software.

[szolin]

domain is cached as blocked

@shapiro125 Do you mean browser's cache? Please try requesting the host name via nslookup or dig - what are the results?

[shapiro125]

@szolin – dig is showing it correctly each time, it appears to be a browser cache issue. If the request is blocked, my browser will continue to block it even after disable adguard. Once it's disabled, the browser will still resolve the domain even after adguard is re-enabled.

I know it's working as expected (according to the dig results), so don't know what to do about it. I'm coming from Pi-hole, where their disable seemed to work instantly in browser without cache problems. Thanks!

[szolin]

. I'm coming from Pi-hole, where their disable seemed to work instantly in browser without cache problems

Maybe they just set small TTL values.
You may set cache_ttl_max: 10 in AGH yaml config, and your browser will "forget" it after 10 seconds.

[ameshkov]

@szolin you mean blocked_response_ttl?

[szolin]

or blocked_response_ttl, yes
Note: cache_ttl_max is available only in beta

[shapiro125]

Oh, interesting. I noticed blocked_response_ttl is set for 10 seconds and, yup, disabling and waiting 10 seconds works.

What are the performance implications for making that shorter?

[ameshkov]

What are the performance implications for making that shorter?

Your devices will make DNS queries for blocked resources more often. Tbh, there are no really serious performance implications, especially if we're talking about AGH that's hosted in the local network and not on some public server.

[hoshsadiq]

I'd love this too. Just noticed that Adguard was disabled for the past day or so because I had forgotten to re-enable it. It would be great to have an option in the UI as well.

[Aikatsui]

@hoshsadiq #1879

[lolgast1987]

How is that AdGuard related? You're having issues with HA, not AdGuard. Try this to see whether your API is working.
curl -X POST -H "Content-Type:application/json" -d '{"protection_enabled":false}' http://[IP_ADGUARD]/control/dns_config

It should disable AdGuard

[ameshkov]

HTTP auth header may be necessary as well, plz see the openapi folder in AGH sources

[hoshsadiq]

I got hit by this again several times. To avoid this in the future, I updated my script above to ensure it never stays disabled for more than 1 hour. If anyone wants to to use it, it's below. Install jq first, then save the file somewhere, chmod +x it, and run as a cronjob for e.g. every 5 mins. This will check every if the last time it was enabled was over 1 hour ago, and if so, it will re-enable it.

#!/usr/bin/env bash

set -eu

username="<set>"
password="<set>"
url="<set>"

urlRegex='^(([^:/?#]+):)?(//((([^:/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))(\?([^#]*))?(#(.*))?'

SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
lastCheckFile="$SCRIPT_DIR/agh_disabled_last_check.txt"

if [[ "$url" =~ $urlRegex ]]; then
  printf -v url "%s://%s%s" "${BASH_REMATCH[2]}" "${BASH_REMATCH[4]}" "${BASH_REMATCH[5]}"
else
  >&2 printf "unable to get AdGuard Home URL. Got %s" "$url"
  exit 1
fi

if [[ -s "$lastCheckFile" ]] && (( $(cat "$lastCheckFile") < "$(date -d "1 hour ago" +%s)" )); then
  curl -X POST -u "$username:$password" -H "Content-Type:application/json" -d '{"protection_enabled":true}' "$url/control/dns_config"
fi

if curl -fsSL -u "$username:$password" -H "Accept: application/json" "$url/control/status" | jq -r '.protection_enabled' | grep -qFx true; then
  date +%s > "$lastCheckFile"
fi

[foorschtbar]

This will be a part of the new API and UI.

Is there a ETA for the "new API and UI"? For me, the temporary disabling is an important feature. Sometimes I need to disable the filter and then of course I forget to enable it again - who doesn't remember the situation?

[ainar-g]

No precise timeframes, unfortunately.

[separac]

I would really love that feature as well. Adguard runs perfectly but there are certain pages/ ads that me or my wife want to follow on purpose that might get blocked.

[eirikc]

Just switched from pihole to Adguard, and I'm sad to see this feature missing. Absolutely nessecary feature in my household.

[foorschtbar]

do you know the comparison list in the README of this repo? I am thinking about submitting a PR with another line. What do you folks think of it?

Feature	AdGuard Home	Pi-Hole
Blocking ads and trackers	✅	✅
Customizing blocklists	✅	✅
Built-in DHCP server	✅	✅
HTTPS for the Admin interface	✅	Kind of, but you'll need to manually configure lighttpd
Encrypted DNS upstream servers (DNS-over-HTTPS, DNS-over-TLS, DNSCrypt)	✅	❌ (requires additional software)
Cross-platform	✅	❌ (not natively, only via Docker)
Running as a DNS-over-HTTPS or DNS-over-TLS server	✅	❌ (requires additional software)
Blocking phishing and malware domains	✅	❌ (requires non-default blocklists)
Parental control (blocking adult domains)	✅	❌
Force Safe search on search engines	✅	❌
Per-client (device) configuration	✅	✅
Access settings (choose who can use AGH DNS)	✅	❌
Running [without root privileges][wiki-noroot]	✅	❌
Temporarily disable ad-blocker for a certain period of time	❌	✅

[ameshkov]

Lol :)

Updated the original feature request with the description of how it will be implemented: #1333 (comment)

[ainar-g]

The feature is implemented in the most recent Edge builds, and it's going to be included in the next Beta release. Please fill new issues if you find any bugs with it.

[svenjacobs]

First of all thank you very much for this feature! It's really useful and I use it quite often 👍🏼

I think I found a minor cosmetic bug: When a pause timer is active while the browser or browser tab is inactive (in the background, not visible, etc.), the value of the countdown is not properly updated when returning to the page (Chrome 112.0.5615.121). So what could happen is that the countdown is still running although from server side it's already completed and protection enabled again.

Without knowing anything of how this is implemented technically, I assume that the countdown is only updated in frontend (JavaScript) code? If so, when a browser (tab) is paused, so are setTimeout invocations which could lead to errors with the countdown calculation.

[ainar-g]

We'll look into it, thanks for reporting.

[meltinsands]

Is there a timeline when the API is implemented in the stable version? A missed feature since switching from pihole.

[jdowning]

API example:

1. Generate an authorization token.

   auth_header=`echo -n "admin_username:admin_password" | base64`
   

2. Disable protection for N milliseconds. The example below is for 1 minute (60000ms).

   curl -X POST "http://Adguard_IP_Address:8083/control/protection" \
     -H "Accept: application/json" \
     -H "Content-Type: application/json" \
     -H "Authorization: Basic $auth_header"\
     -d '{"enabled":false,"duration":60000}'