Diffstat (limited to 'modules/caddytls/tls.go')
-rw-r--r--modules/caddytls/tls.go15
1 files changed, 2 insertions, 13 deletions
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go
index 92004b8..486a58c 100644
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@@ -22,7 +22,6 @@ import (
"log"
"net/http"
"runtime/debug"
- "strings"
"sync"
"time"
@@ -182,8 +181,8 @@ func (t *TLS) Provision(ctx caddy.Context) error {
onDemandRateLimiter.SetWindow(time.Duration(t.Automation.OnDemand.RateLimit.Interval))
} else {
// remove any existing rate limiter
- onDemandRateLimiter.SetMaxEvents(0)
onDemandRateLimiter.SetWindow(0)
+ onDemandRateLimiter.SetMaxEvents(0)
}
// run replacer on ask URL (for environment variables) -- return errors to prevent surprises (#5036)
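Review bot: The swap that moves `onDemandRateLimiter.SetWindow(0)` ahead of `onDemandRateLimiter.SetMaxEvents(0)` is not explained, and the surrounding comment `// remove any existing rate limiter` still reads as if the two calls were order-independent. If the limiter's setters interact (one validating against the other, or the old order leaving the limiter briefly half-reset while other goroutines consult it), that reason belongs next to the calls so the next refactor does not put them back; something like `// window must be cleared before max events: <reason>`. If no such constraint exists, the reorder looks accidental and is worth stating in the commit message instead. Provision's body continues outside the hunk.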
@@ -260,17 +259,7 @@ func (t *TLS) Start() error {
if t.Automation.OnDemand == nil ||
(t.Automation.OnDemand.Ask == "" && t.Automation.OnDemand.RateLimit == nil) {
for _, ap := range t.Automation.Policies {
- isWildcardOrDefault := false
- if len(ap.Subjects) == 0 {
- isWildcardOrDefault = true
- }
- for _, sub := range ap.Subjects {
- if strings.HasPrefix(sub, "*") {
- isWildcardOrDefault = true
- break
- }
- }
- if ap.OnDemand && isWildcardOrDefault {
+ if ap.OnDemand && ap.isWildcardOrDefault() {
t.logger.Warn("YOUR SERVER MAY BE VULNERABLE TO ABUSE: on-demand TLS is enabled, but no protections are in place",
zap.String("docs", "https://caddyserver.com/docs/automatic-https#on-demand-tls"))
break
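Review bot: The inline logic being replaced was the only statement on this page of what "wildcard or default" means for the abuse warning — a policy with no subjects, or any subject beginning with `*` — and `ap.isWildcardOrDefault()` is defined outside this diff, so the equivalence cannot be checked from the hunk. Because this predicate gates the on-demand TLS abuse warning and is presumably now shared with other callers, its doc comment should pin that contract exactly, e.g. `// isWildcardOrDefault reports whether the policy applies to all names (no subjects) or to any wildcard subject (a subject starting with "*").` Any later widening of the helper for another caller would silently change which policies trigger this warning, so a short test asserting both the empty-subjects case and the leading-`*` case would be worth adding alongside it. Start's body continues outside the hunk.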