From 55f87083e558529d62ef97770abafb9b8981b63f Mon Sep 17 00:00:00 2001
From: Catherine <whitequark@whitequark.org>
Date: Mon, 11 May 2026 10:05:14 +0000
Subject: [PATCH] [security] Fix false positives on Caddy endpoint due to
 domain cache.

In commit bbdaae72802c96ea456301f4a1f035d56d92e6c4, a domain cache was
introduced to deal with misbehaving crawlers that forge `Host:` header
and may cause thousands of expensive S3 requests to be submitted.
This domain cache is implemented using a Bloom filter (which can
produce false positives but not false negatives) for S3 backend, and
using a function always returning true (which will be a false positive
in most cases) for the FS backend.

Both of these behaviors are unacceptable for the Caddy endpoint, but
the FS backend case much more so. If you use git-pages with Caddy you
should upgrade to a build that includes this commit as soon as possible
or Let's Encrypt may rate-limit or restrict your account when you get
unlucky with a crawler.
---
 src/caddy.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/caddy.go b/src/caddy.go
index 2c486c3..72feea2 100644
--- a/src/caddy.go
+++ b/src/caddy.go
@@ -32,7 +32,7 @@ func ServeCaddy(w http.ResponseWriter, r *http.Request) {
 	// Run a cheap check as to whether we might be serving the domain.
 	var found = domainCache.CheckDomain(r.Context(), domain)
 
-	if !found {
+	if found {
 		// Run an expensive check as to whether we are actually serving the domain.
 		found, err = backend.CheckDomain(r.Context(), domain)
 	}