From fbd00e4b53226164a9aae5f44bd52328d4e59d96 Mon Sep 17 00:00:00 2001
From: Matthew Holt <mholt@users.noreply.github.com>
Date: Tue, 16 Feb 2021 13:31:53 -0700
Subject: Improve security warnings

---
 modules/caddyhttp/app.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'modules/caddyhttp/app.go')

diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go
index 42e7725..4f5bc84 100644
--- a/modules/caddyhttp/app.go
+++ b/modules/caddyhttp/app.go
@@ -176,8 +176,8 @@ func (app *App) Provision(ctx caddy.Context) error {
 		// domain fronting is desired and access is not restricted
 		// based on hostname
 		if srv.StrictSNIHost == nil && srv.hasTLSClientAuth() {
-			app.logger.Info("enabling strict SNI-Host matching because TLS client auth is configured",
-				zap.String("server_name", srvName),
+			app.logger.Warn("enabling strict SNI-Host enforcement because TLS client auth is configured",
+				zap.String("server_id", srvName),
 			)
 			trueBool := true
 			srv.StrictSNIHost = &trueBool
@@ -283,7 +283,6 @@ func (app *App) Validate() error {
 			}
 		}
 	}
-
 	return nil
 }
 
-- 
cgit v1.2.3