caddytls: Relax the warning for on-demand (#5384)

Francis Lavoie 2023-02-22 13:41:01 -05:00 committed by GitHub
parent 79de6df93d
commit be53e432fc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -22,6 +22,7 @@ import (
"log"
"net/http"
"runtime/debug"
"strings"
"sync"
"time"
@ -259,7 +260,17 @@ func (t *TLS) Start() error {
if t.Automation.OnDemand == nil ||
(t.Automation.OnDemand.Ask == "" && t.Automation.OnDemand.RateLimit == nil) {
for _, ap := range t.Automation.Policies {
if ap.OnDemand {
isWildcardOrDefault := false
if len(ap.Subjects) == 0 {
isWildcardOrDefault = true
}
for _, sub := range ap.Subjects {
if strings.HasPrefix(sub, "*") {
isWildcardOrDefault = true
break
}
}
if ap.OnDemand && isWildcardOrDefault {
t.logger.Warn("YOUR SERVER MAY BE VULNERABLE TO ABUSE: on-demand TLS is enabled, but no protections are in place",
zap.String("docs", "https://caddyserver.com/docs/automatic-https#on-demand-tls"))
break