- Add Cleanup() method (caddy.CleanerUpper) to stop goroutines on config
reload, preventing goroutine leaks
- Add Validate() method (caddy.Validator) for early config validation with
reasonable bounds checking
- Add public BanIP() method for admin handler, replacing direct internal
state manipulation
- Add bounds checking for failure tracker and ban maps to prevent memory
exhaustion under DDoS (100k/50k limits)
- Add eviction functions to proactively clean oldest entries when at capacity
Support for whitelisting SIP trunks and providers by hostname or SRV
record with automatic IP resolution and periodic refresh.
Features:
- Hostname resolution via A/AAAA records
- SRV record resolution (e.g., _sip._udp.provider.com)
- Configurable refresh interval (default 5m)
- Stale entry handling when DNS fails
- Admin API endpoints for DNS whitelist management
- Caddyfile directives: whitelist_hosts, whitelist_srv, dns_refresh
This allows whitelisting by provider name rather than tracking
constantly-changing IP addresses.
