diff options
Diffstat (limited to 'modules/caddytls/tls.go')
-rw-r--r-- | modules/caddytls/tls.go | 15 |
1 files changed, 2 insertions, 13 deletions
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index 92004b8..486a58c 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -22,7 +22,6 @@ import ( "log" "net/http" "runtime/debug" - "strings" "sync" "time" @@ -182,8 +181,8 @@ func (t *TLS) Provision(ctx caddy.Context) error { onDemandRateLimiter.SetWindow(time.Duration(t.Automation.OnDemand.RateLimit.Interval)) } else { // remove any existing rate limiter - onDemandRateLimiter.SetMaxEvents(0) onDemandRateLimiter.SetWindow(0) + onDemandRateLimiter.SetMaxEvents(0) } // run replacer on ask URL (for environment variables) -- return errors to prevent surprises (#5036) @@ -260,17 +259,7 @@ func (t *TLS) Start() error { if t.Automation.OnDemand == nil || (t.Automation.OnDemand.Ask == "" && t.Automation.OnDemand.RateLimit == nil) { for _, ap := range t.Automation.Policies { - isWildcardOrDefault := false - if len(ap.Subjects) == 0 { - isWildcardOrDefault = true - } - for _, sub := range ap.Subjects { - if strings.HasPrefix(sub, "*") { - isWildcardOrDefault = true - break - } - } - if ap.OnDemand && isWildcardOrDefault { + if ap.OnDemand && ap.isWildcardOrDefault() { t.logger.Warn("YOUR SERVER MAY BE VULNERABLE TO ABUSE: on-demand TLS is enabled, but no protections are in place", zap.String("docs", "https://caddyserver.com/docs/automatic-https#on-demand-tls")) break |