starred/AdGuardHome
1
0
Fork 0
mirror of https://github.com/AdguardTeam/AdGuardHome.git synced 2026-03-04 00:01:12 -05:00
Code Issues 1.2k Projects Packages Wiki Activity

Custom blocklist per-client #5781

New issue
Open
opened 2026-03-04 06:35:07 -05:00 by deekerman · 17 comments
deekerman commented 2026-03-04 06:35:07 -05:00
Owner
Copy link

Originally created by @DevonTM on GitHub (Sep 23, 2025).

Prerequisites

  • I have checked the Wiki and Discussions and found no answer

  • I have searched other issues and found no duplicates

  • I want to request a feature or enhancement and not ask a question

The problem

I would like to use a different blocklist for specific clients instead of only relying on the global setting. For example, I want to create a client profile for children and apply this blocklist to block adult sites.

Proposed solution

Add an option (e.g., a new tab or section) in the client settings to specify custom blocklists.

Alternatives considered and additional information

No response

Originally created by @DevonTM on GitHub (Sep 23, 2025). ### Prerequisites - [x] I have checked the [Wiki](https://github.com/AdguardTeam/AdGuardHome/wiki) and [Discussions](https://github.com/AdguardTeam/AdGuardHome/discussions) and found no answer - [x] I have searched other issues and found no duplicates - [x] I want to request a feature or enhancement and not ask a question ### The problem I would like to use a different blocklist for specific clients instead of only relying on the global setting. For example, I want to create a client profile for children and apply [this blocklist](https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/nsfw.txt) to block adult sites. ### Proposed solution Add an option (e.g., a new tab or section) in the client settings to specify custom blocklists. ### Alternatives considered and additional information _No response_
deekerman commented 2026-03-04 06:35:15 -05:00
Author
Owner
Copy link

@PANICBUTT0N commented on GitHub (Sep 23, 2025):

Seconding this request. There are several domains and services I would like to block on my smart TV that I would still like to be able to access on other devices.

@PANICBUTT0N commented on GitHub (Sep 23, 2025): Seconding this request. There are several domains and services I would like to block on my smart TV that I would still like to be able to access on other devices.
deekerman commented 2026-03-04 06:35:15 -05:00
Author
Owner
Copy link

@Dynamic5912 commented on GitHub (Sep 23, 2025):

Use custom filtering rules with clientID's or ctag's to block the domains on those devices only

@Dynamic5912 commented on GitHub (Sep 23, 2025): Use custom filtering rules with clientID's or ctag's to block the domains on those devices only
deekerman commented 2026-03-04 06:35:15 -05:00
Author
Owner
Copy link

@PANICBUTT0N commented on GitHub (Sep 23, 2025):

Use custom filtering rules with clientID's or ctag's to block the domains on those devices only

This is much less convenient, though. The whole point of blocklists is to be able to have a regularly updated repository of domains to block, instead of regularly manually pasting in hundreds of thousands of lines of custom filters. If global blocklists are supported, I don't see why per-client blocklists is an unreasonable request.

@PANICBUTT0N commented on GitHub (Sep 23, 2025): > Use custom filtering rules with clientID's or ctag's to block the domains on those devices only This is much less convenient, though. The whole point of blocklists is to be able to have a regularly updated repository of domains to block, instead of regularly manually pasting in hundreds of thousands of lines of custom filters. If global blocklists are supported, I don't see why per-client blocklists is an unreasonable request.
deekerman commented 2026-03-04 06:35:15 -05:00
Author
Owner
Copy link

@theschles commented on GitHub (Sep 23, 2025):

Use custom filtering rules with clientID's or ctag's to block the domains on those devices only

@Dynamic5912 please explain to me how per-client-blocking is supposed to work -- because at this point, IT'S NOT WORKING.

AdguardHome Version: v0.107.66

My current blocklist @@||google.com^$important @@||accounts.youtube.com^$important ||agenciamaisvoce.com^$important ||caterhamcars.com^$important ||daimleragemea.germany-2.evergage.com^$important ||doodle4google.com^$important ||doodles.google.com^$important ||doodles.google^$important ||eavesdropthenashame.com^$important ||f1.com^$important ||ferrari.com^$important ||formula1.com^$important ||formulaonedigitalmedia.germany-2.evergage.com^$important ||games.googleapis.com^$important ||gameswhitelisted.googleapis.com^$important ||lamborghini.com^$important ||mclaren.com^$important ||morgan-motor.com^$important ||play.googleapis.com^$important ||porsche.cloud^$important ||porsche.com^$important ||porsche.matomo.cloud^$important ||tiktok.com^$important ||watchliveformula1.com^$important ||withgoogle.com^$important

As you might have guessed from the above list, my son Morgan is obsessed with high-speed automotive racing -- to the detriment of his homework and grades.

He has a school Chromebook -- which is why I have to allow-list google.com and accounts.youtube.com -- or he can't log into his school account.

I have a Client named 'Morgan' -- with the Chromebook's DHCP reserved IP address listed in the Identifier list.

The above block-list works -- I verify this at the bottom of the "Custom filtering rules" page in the 'Check the filtering' section.

However, it blocks ALL Clients on the network for the above sites. I just want it to block Morgan's computers for the above site list.

I've tried to just specify the Client 'Morgan' for the above, e.g.:

||caterhamcars.com^$important,client='Morgan'
or
||caterhamcars.com^$client='Morgan',important

And in either case, caterhamcars.com is then NO LONGER BLOCKED FOR ANY CLIENT on the the network -- which I can confirm with the 'Check the filtering' section on the bottom of the 'Custom blocking rules' page.

HELP!?!?

@theschles commented on GitHub (Sep 23, 2025): > Use custom filtering rules with clientID's or ctag's to block the domains on those devices only @Dynamic5912 please explain to me how per-client-blocking is supposed to work -- because at this point, IT'S NOT WORKING. AdguardHome Version: v0.107.66 <details> <summary>My current blocklist</summary> @@||google.com^$important @@||accounts.youtube.com^$important ||agenciamaisvoce.com^$important ||caterhamcars.com^$important ||daimleragemea.germany-2.evergage.com^$important ||doodle4google.com^$important ||doodles.google.com^$important ||doodles.google^$important ||eavesdropthenashame.com^$important ||f1.com^$important ||ferrari.com^$important ||formula1.com^$important ||formulaonedigitalmedia.germany-2.evergage.com^$important ||games.googleapis.com^$important ||gameswhitelisted.googleapis.com^$important ||lamborghini.com^$important ||mclaren.com^$important ||morgan-motor.com^$important ||play.googleapis.com^$important ||porsche.cloud^$important ||porsche.com^$important ||porsche.matomo.cloud^$important ||tiktok.com^$important ||watchliveformula1.com^$important ||withgoogle.com^$important </details> As you might have guessed from the above list, my son Morgan is obsessed with high-speed automotive racing -- to the detriment of his homework and grades. He has a school Chromebook -- which is why I have to allow-list google.com and accounts.youtube.com -- or he can't log into his school account. I have a Client named 'Morgan' -- with the Chromebook's DHCP reserved IP address listed in the Identifier list. The above block-list works -- I verify this at the bottom of the "Custom filtering rules" page in the 'Check the filtering' section. However, it blocks ALL Clients on the network for the above sites. I just want it to block Morgan's computers for the above site list. I've tried to just specify the Client 'Morgan' for the above, e.g.: `||caterhamcars.com^$important,client='Morgan'` or `||caterhamcars.com^$client='Morgan',important` And in either case, `caterhamcars.com` is then NO LONGER BLOCKED FOR ANY CLIENT on the the network -- which I can confirm with the 'Check the filtering' section on the bottom of the 'Custom blocking rules' page. HELP!?!?
deekerman commented 2026-03-04 06:35:15 -05:00
Author
Owner
Copy link

@Dynamic5912 commented on GitHub (Sep 24, 2025):

Is the client saved as a persistent client in AGH?

@Dynamic5912 commented on GitHub (Sep 24, 2025): Is the client saved as a persistent client in AGH?
deekerman commented 2026-03-04 06:35:15 -05:00
Author
Owner
Copy link

@theschles commented on GitHub (Sep 24, 2025):

Is the client saved as a persistent client in AGH?

@Dynamic5912 Yes

Image
@theschles commented on GitHub (Sep 24, 2025): > Is the client saved as a persistent client in AGH? @Dynamic5912 Yes <img width="1222" height="328" alt="Image" src="https://github.com/user-attachments/assets/2034327b-e438-4667-9a4d-525aebc9d96a" />
deekerman commented 2026-03-04 06:35:15 -05:00
Author
Owner
Copy link

@Dynamic5912 commented on GitHub (Sep 24, 2025):

Being a Chromebook - can you even see DNS logs for it in AGH?

It could have DOH set at the OS or Browser level that's bypassing your AGH

@Dynamic5912 commented on GitHub (Sep 24, 2025): Being a Chromebook - can you even see DNS logs for it in AGH? It could have DOH set at the OS or Browser level that's bypassing your AGH
deekerman commented 2026-03-04 06:35:15 -05:00
Author
Owner
Copy link

@theschles commented on GitHub (Sep 24, 2025):

Being a Chromebook - can you even see DNS logs for it in AGH?

It could have DOH set at the OS or Browser level that's bypassing your AGH

@Dynamic5912 yes his query history is there -- that's how I know what sites to block.

BTW:

  • At my router I block port 53 requests (DNS) from his Chromebook IP address.
  • I also forced his Chromebook configuration to use the DNS settings from the DHCP server -- and that DNS server is my AGH instance.
  • So the only way he can anything done is to go through AGH.
@theschles commented on GitHub (Sep 24, 2025): > Being a Chromebook - can you even see DNS logs for it in AGH? > > It could have DOH set at the OS or Browser level that's bypassing your AGH @Dynamic5912 yes his query history is there -- that's how I know what sites to block. BTW: * At my router I block port 53 requests (DNS) from his Chromebook IP address. * I also forced his Chromebook configuration to use the DNS settings from the DHCP server -- and that DNS server is my AGH instance. * So the only way he can anything done is to go through AGH.
deekerman commented 2026-03-04 06:35:15 -05:00
Author
Owner
Copy link

@theschles commented on GitHub (Sep 24, 2025):

@Dynamic5912 if you'd like to see it with your own two eyes, I can set up a screenshare. Today I'm available for the next 2-1/2 hours (until 18:00 Pacific). I can publish a Zoom / Google Meet / pick-your-preferred-screenshare-link here at a private repo that's only accessible to the two of us.

@theschles commented on GitHub (Sep 24, 2025): @Dynamic5912 if you'd like to see it with your own two eyes, I can set up a screenshare. Today I'm available for the next 2-1/2 hours (until 18:00 Pacific). I can publish a Zoom / Google Meet / pick-your-preferred-screenshare-link [here at a private repo](https://github.com/theschles/Dynamic5912/blob/main/README.md) that's only accessible to the two of us.
deekerman commented 2026-03-04 06:35:15 -05:00
Author
Owner
Copy link

@theschles commented on GitHub (Sep 25, 2025):

@Dynamic5912 I'm available most of the day if you'd like me to set up a screenshare.

@theschles commented on GitHub (Sep 25, 2025): @Dynamic5912 I'm available most of the day if you'd like me to set up a screenshare.
deekerman commented 2026-03-04 06:35:15 -05:00
Author
Owner
Copy link

@Dynamic5912 commented on GitHub (Sep 25, 2025):

Add a client identifier to the persistent device with the same name as the device name.

Then see if the blocking rule works.

@Dynamic5912 commented on GitHub (Sep 25, 2025): Add a client identifier to the persistent device with the same name as the device name. Then see if the blocking rule works.
deekerman commented 2026-03-04 06:35:15 -05:00
Author
Owner
Copy link

@theschles commented on GitHub (Sep 26, 2025):

Add a client identifier to the persistent device with the same name as the device name.

Then see if the blocking rule works.

By "device name", do you mean hostname?

And you're suggesting to add that "device name" (hostname) to the "Identifiers" section for his particular client -- which currently has the IP addresses for his Chromebook and his personal laptop?

Image

Or are you suggesting that the "Custom filtering rule" be along the lines of:
||caterhamcars.com^$important,client='<hostname>'
or
||caterhamcars.com^$important,client='<IP address of his Chromebook>'
?

@theschles commented on GitHub (Sep 26, 2025): > Add a client identifier to the persistent device with the same name as the device name. > > Then see if the blocking rule works. By "device name", do you mean `hostname`? And you're suggesting to add that "device name" (`hostname`) to the "Identifiers" section for his particular client -- which currently has the IP addresses for his Chromebook and his personal laptop? <img width="651" height="249" alt="Image" src="https://github.com/user-attachments/assets/52c5669d-7185-4d84-ad8f-4fc84ef99390" /> Or are you suggesting that the "Custom filtering rule" be along the lines of: `||caterhamcars.com^$important,client='<hostname>'` or `||caterhamcars.com^$important,client='<IP address of his Chromebook>'` ?
deekerman commented 2026-03-04 06:35:15 -05:00
Author
Owner
Copy link

@Dynamic5912 commented on GitHub (Sep 26, 2025):

Add as an identifier to the client, yes

@Dynamic5912 commented on GitHub (Sep 26, 2025): Add as an identifier to the client, yes
deekerman commented 2026-03-04 06:35:15 -05:00
Author
Owner
Copy link

@hero-rareheart commented on GitHub (Oct 15, 2025):

This isn't going to show up because GitHub is stupid and shadow banned my account for nothing, but I also would like this feature. I have a specific client I want following a whitelist and all the other clients following a set of blacklists.

@hero-rareheart commented on GitHub (Oct 15, 2025): This isn't going to show up because GitHub is stupid and shadow banned my account for nothing, but I also would like this feature. I have a specific client I want following a whitelist and all the other clients following a set of blacklists.
deekerman commented 2026-03-04 06:35:15 -05:00
Author
Owner
Copy link

@theschles commented on GitHub (Oct 21, 2025):

This isn't going to show up because GitHub is stupid and shadow banned my account for nothing, but I also would like this feature. I have a specific client I want following a whitelist and all the other clients following a set of blacklists.

Hi @hero-rareheart -- I can see your post

@theschles commented on GitHub (Oct 21, 2025): > This isn't going to show up because GitHub is stupid and shadow banned my account for nothing, but I also would like this feature. I have a specific client I want following a whitelist and all the other clients following a set of blacklists. Hi @hero-rareheart -- I can see your post
deekerman commented 2026-03-04 06:35:15 -05:00
Author
Owner
Copy link

@mostpinkest commented on GitHub (Nov 10, 2025):

Possible duplicate of #435

@mostpinkest commented on GitHub (Nov 10, 2025): Possible duplicate of #435
deekerman commented 2026-03-04 06:35:15 -05:00
Author
Owner
Copy link

@fegauthier-paragon commented on GitHub (Mar 2, 2026):

I did a PR for that feature.

https://github.com/AdguardTeam/AdGuardHome/pull/8274

@fegauthier-paragon commented on GitHub (Mar 2, 2026): I did a PR for that feature. https://github.com/AdguardTeam/AdGuardHome/pull/8274
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
AGDNS-3523-upd-dnsproxy-middlewares
ADG-11407-add-docker-release
AGDNS-3535-upd-urlfilter
AGDNS-3684-fix-tls-status
beta-v0.107
release-v0.107.72
ADG-10306
beta-v0.108
ADG-10291
upd-url-filter
release-v0.107.71
release-v0.107.70
ADG-10301
ADG-8560-react-update
ADG-8560-graph-fix
release-v0.107.69
release-v0.107.68
release-v0.107.67
release-v0.107.66
ADG-10295
release-v0.107.65
release-v0.107.64
release-v0.107.63
release-v0.107.62
release-v0.107.61
release-v0.107.60
release-v0.107.59
release-v0.107.58
ADG-9783
ADG-1-utils-bundle-update
ADG-9415
release-v0.107.57
ADG-9565
release-v0.107.56
release-v0.107.55
release-v0.107.54
release-v0.107.53
infra-fix
upd-locales
release-v0.107.52
release-v0.107.51
AGDNS-2184-adguard-home
AG-32410-upd-dnsproxy
release-v0.107.50
release-v0.107.49
release-v0.107.48
release-v0.107.47
release-v0.107.46
release-v0.107.45
release-v0.107.44
release-v0.107.43
release-v0.107.42
6263-custom-ups-cache
release-v0.107.41
6399-fix-ups-check
release-v0.107.40
release-v0.107.39
release-v0.107.38
release-v0.107.37
6099-check-port-install
release-v0.107.36
release-v0.107.35
6006-refactor-client-lookup
release-v0.107.34
AG-23822
release-v0.107.33
3389-querylog-export
release-v0.107.32
fix-templates
release-v0.107.31
release-v0.107.30
5799-allowed-clients
5347-wildcard-interference
release-v0.107.29
AG-21485
release-v0.107.28
release-v0.107.27
release-v0.107.26
release-v0.107.25
release-v0.107.24
4728-cap-check
release-v0.107.23
release-v0.107.22
2499-rewrites-3
release-v0.107.21
release-v0.107.20
release-v0.107.19
4927-refactor-tls
release-v0.107.18
release-v0.107.17
release-v0.107.16
release-v0.107.15
websvc-confin-manager
release-v0.107.14
2926-lla-ipv6
4926-scroll
release-v0.107.13
release-v0.107.12
release-v0.107.11
release-v0.107.10
release-v0.107.9
WIP-upd-urls
release-v0.107.8
release-v0.107.7
release-v0.107.6
release-v0.107.5
release-v0.107.4
release-v0.107.3
release-v0.107.2
release-v0.107.1
release-v0.107.0
fix-stats-layout
beta-v0.106
release-v0.106.3
release-v0.106.2
release-v0.106.1
fix-client2-generator
dsheets-ipset-subs
fix-context
2044-gc
1691-clear-leases-v2
v0.107.72
v0.108.0-b.82
v0.108.0-b.81
v0.107.71
v0.108.0-b.80
v0.107.70
v0.108.0-b.79
v0.107.69
v0.108.0-b.78
v0.107.68
v0.108.0-b.77
v0.107.67
v0.108.0-b.76
v0.107.66
v0.108.0-b.75
v0.107.65
v0.108.0-b.74
v0.108.0-b.73
v0.107.64
v0.108.0-b.72
v0.107.63
v0.108.0-b.71
v0.107.62
v0.108.0-b.70
v0.108.0-b.69
v0.107.61
v0.108.0-b.68
v0.108.0-b.67
v0.107.60
v0.108.0-b.66
v0.107.59
v0.108.0-b.65
v0.107.58
v0.108.0-b.64
v0.107.57
v0.108.0-b.63
v0.107.56
v0.108.0-b.62
v0.107.55
v0.108.0-b.61
v0.108.0-b.60
v0.107.54
v0.108.0-b.59
v0.107.53
v0.108.0-b.58
v0.107.52
v0.108.0-b.57
v0.107.51
v0.108.0-b.56
v0.107.50
v0.107.49
v0.108.0-b.55
v0.107.48
v0.107.47
v0.107.46
v0.108.0-b.54
v0.107.45
v0.108.0-b.53
v0.107.44
v0.108.0-b.52
v0.107.43
v0.108.0-b.51
v0.107.42
v0.108.0-b.50
v0.108.0-b.49
v0.107.41
v0.107.40
v0.108.0-b.48
v0.108.0-b.47
v0.107.39
v0.108.0-b.46
v0.107.38
v0.108.0-b.45
v0.107.37
v0.108.0-b.44
v0.108.0-b.43
v0.107.36
v0.107.35
v0.108.0-b.42
v0.108.0-b.41
v0.107.34
v0.108.0-b.40
v0.108.0-b.39
v0.107.33
v0.108.0-b.38
v0.108.0-b.37
v0.107.32
v0.108.0-b.36
v0.107.31
v0.108.0-b.35
v0.107.30
v0.108.0-b.34
v0.107.29
v0.108.0-b.33
v0.107.28
v0.108.0-b.32
v0.107.27
v0.108.0-b.31
v0.108.0-b.30
v0.107.26
v0.108.0-b.29
v0.108.0-b.28
v0.107.25
v0.108.0-b.27
v0.107.24
v0.108.0-b.26
v0.107.23
v0.108.0-b.25
v0.107.22
v0.108.0-b.24
v0.107.21
v0.108.0-b.23
v0.107.20
v0.108.0-b.22
v0.107.19
v0.108.0-b.21
v0.107.18
v0.108.0-b.20
v0.107.17
v0.108.0-b.19
v0.108.0-b.18
v0.107.16
v0.108.0-b.17
v0.107.15
v0.108.0-b.16
v0.107.14
v0.108.0-b.15
v0.107.13
v0.108.0-b.14
v0.107.12
v0.108.0-b.13
v0.107.11
v0.108.0-b.12
v0.107.10
v0.108.0-b.11
v0.107.9
v0.108.0-b.10
v0.107.8
v0.107.7
v0.108.0-b.9
v0.108.0-b.8
v0.108.0-b.7
v0.108.0-b.6
v0.107.6
v0.108.0-b.5
v0.108.0-b.4
v0.107.5
v0.107.4
v0.108.0-b.3
v0.107.3
v0.108.0-b.2
v0.108.0-b.1
v0.107.2
v0.107.1
v0.107.0
v0.107.0-b.17
v0.107.0-b.16
v0.107.0-b.15
v0.107.0-b.14
v0.107.0-b.13
v0.107.0-b.12
v0.107.0-b.11
v0.107.0-b.10
v0.107.0-b.9
v0.107.0-b.8
v0.107.0-b.7
v0.107.0-b.6
v0.107.0-b.5
v0.107.0-b.4
v0.107.0-b.3
v0.107.0-b.2
v0.107.0-b.1
v0.106.3
v0.106.3-b.1
v0.106.2
v0.106.2-b.1
v0.106.1
v0.106.1-b.1
v0.106.0
v0.106.0-b.5
v0.106.0-b.4
v0.106.0-b.3
v0.106.0-b.2
v0.106.0-b.1
v0.105.2
v0.105.2-beta.1
v0.105.1
v0.105.1-beta.1
v0.105.0
v0.105.0-beta.5
v0.105.0-beta.4
v0.105.0-beta.3
v0.105.0-beta.2
v0.105.0-beta.1
v0.104.3
v0.104.2
v0.104.1
v0.104.0
v0.104.0-beta3
v0.104.0-beta2
v0.104.0-beta1
v0.103.3
v0.103.2
v0.103.1
v0.103.0
v0.103.0-beta3
v0.103.0-beta2
v0.103.0-beta1
v0.102.0
v0.101.0
v0.100.9
v0.100.8
v0.100.7
v0.100.6
v0.100.5
v0.100.4
v0.100.3
v0.100.2
v0.100.1
v0.100.0
v0.99.3
v0.99.2
v0.99.1
v0.99.0
v0.98.1
v0.98.0
v0.97.1
v0.97.0
v0.96-hotfix
v0.96
v0.95-hotfix
v0.95
v0.94
v0.93
v0.92-hotfix2
v0.92-hotfix1
v0.92
v0.91
v0.9-hotfix1
v0.9
v0.1
Labels
Clear labels   
P1: Critical

   
P2: High

   
P3: Medium

   
P4: Low

   
UI

   
bug

   
cannot reproduce

   
compatibility

   
dependencies

   
docker

   
documentation

   
duplicate

   
enhancement

   
enhancement

   
external libs

   
feature request

   
good first issue

   
help wanted

   
infrastructure

   
invalid

   
localization

   
needs investigation

   
performance

   
potential-duplicate

   
question

   
recurrent

   
research

   
snap

   
waiting for data

   
wontfix
No labels
P1: Critical
P2: High
P3: Medium
P4: Low
UI
bug
cannot reproduce
compatibility
dependencies
docker
documentation
duplicate
enhancement
enhancement
external libs
feature request
good first issue
help wanted
infrastructure
invalid
localization
needs investigation
performance
potential-duplicate
question
recurrent
research
snap
waiting for data
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/AdGuardHome#5781
No description provided.