From 5f7e5a127160e5860a711be0d689adceb2409ace Mon Sep 17 00:00:00 2001 From: Catherine Date: Fri, 19 Sep 2025 20:27:58 +0000 Subject: [PATCH] Don't ask backend for bare IP address sites. --- src/caddy.go | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/src/caddy.go b/src/caddy.go index c035730..7bb0d63 100644 --- a/src/caddy.go +++ b/src/caddy.go @@ -3,26 +3,37 @@ package main import ( "fmt" "log" + "net" "net/http" "strings" ) func ServeCaddy(w http.ResponseWriter, r *http.Request) { - domain := r.URL.Query().Get("domain") - if domain == "" { + query := r.URL.Query().Get("domain") + if query == "" { http.Error(w, "domain parameter required", http.StatusBadRequest) return } - found, err := backend.CheckDomain(strings.ToLower(domain)) + // Save the backend some effort from queries that are essentially guaranteed to fail. + // While TLS certificates may be provisionsed for IP addresses under special circumstances[^1], + // this isn't really what git-pages is designed for, and object store accesses can cost money. + // [^1]: https://letsencrypt.org/2025/07/01/issuing-our-first-ip-address-certificate + if ip := net.ParseIP(query); ip != nil { + log.Println("caddy:", query, 404, "(bare IP)") + w.WriteHeader(http.StatusNotFound) + return + } + + found, err := backend.CheckDomain(strings.ToLower(query)) if found { - log.Println("caddy:", domain, 200) + log.Println("caddy:", query, 200) w.WriteHeader(http.StatusOK) } else if err == nil { - log.Println("caddy:", domain, 404) + log.Println("caddy:", query, 404) w.WriteHeader(http.StatusNotFound) } else { - log.Println("caddy:", domain, 500) + log.Println("caddy:", query, 500) w.WriteHeader(http.StatusInternalServerError) fmt.Fprintln(w, err) }