LetsEncrypt and automatic insertion of rewrite conditions in .htaccess



#1 skunkbad


Posted 25 November 2017 - 02:57 PM

Hey guys,

Regarding the following lines inserted into my .htaccess files multiple times:
 

RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/.+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$


The AutoSSL / LetsEncrypt process needs to be able to verify the domain, and cPanel is just making sure that there aren't any rewrites going on that would break that process, right?

Is there any reason why all this clutter couldn't be fixed by simply adding the following, once near the top (before any of the other rewrites are listed):
 

RewriteRule ^/[0-9]+\..+\.cpaneldcv$ - [L]
RewriteRule ^.well-known - [L]


I'm just asking because if the .htaccess file has more than just a couple things going on, this automatic insertion of rewrite conditions makes such a mess that it can hardly be read.


  • 0

#2 Scott

    MDDHosting Staff


Posted 25 November 2017 - 08:19 PM

We advise leaving the code as is so that only the correct queries will access the .well-known files. Additionally, modifying the code may cause it to be added again automatically, which could lead to unexpected errors.


  • 0
Scott S - MDDHosting LLC - Providing Hosting since 2007

#3 ericr

    Staff


Posted 25 November 2017 - 08:39 PM

As for the why, it is done that way as part of good security practices. You always want to permit the absolute minimum and not have rules so broad they would cover more than the software needs. This is why the rules are specifically added to each section.


  • 0
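The difference between the narrow conditions cPanel inserts and the broad rules proposed in post #1, as an added example that is not from any poster in this thread: it runs both sets of patterns from the thread over constructed request paths. It assumes Python's `re` treats these patterns the same way Apache's PCRE does, that the .htaccess file sits in the document root, and that a RewriteRule pattern in .htaccess is matched against the path without its leading slash (documented mod_rewrite per-directory behaviour).

```python
import re

# Patterns copied from the thread. RewriteCond %{REQUEST_URI} sees the full
# path, including its leading slash.
NARROW = [
    r"^/[0-9]+\..+\.cpaneldcv$",
    r"^/\.well-known/acme-challenge/.+$",
    r"^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$",
]
# Proposed replacement from post #1. In .htaccess, RewriteRule matches the
# path with the directory prefix (and so the leading slash) stripped.
BROAD = [
    r"^/[0-9]+\..+\.cpaneldcv$",
    r"^.well-known",
]

def exempt_narrow(uri):
    """True if cPanel's conditions would exclude this URI from a rewrite."""
    return any(re.search(p, uri) for p in NARROW)

def exempt_broad(uri):
    """True if the proposed '- [L]' rules would stop rewriting for this URI."""
    per_dir_path = uri.lstrip("/")  # assumption: .htaccess in document root
    return any(re.search(p, per_dir_path) for p in BROAD)

# Constructed sample request paths (not taken from any real log).
SAMPLES = [
    "/.well-known/acme-challenge/constructed-token",
    "/.well-known/pki-validation/0123456789ABCDEF0123456789ABCDEF.txt",
    "/1234567890.constructed.cpaneldcv",
    "/.well-known/security.txt",
    "/.well-known-old/page.html",
    "/xwell-known/page.html",
    "/index.php",
]

def compare(samples=SAMPLES):
    """Return {uri: (narrow, broad)} so the differences are easy to spot."""
    return {u: (exempt_narrow(u), exempt_broad(u)) for u in samples}

if __name__ == "__main__":
    for uri, (narrow, broad) in compare().items():
        flag = "" if narrow == broad else "  <-- differs"
        print(f"{uri:68} narrow={narrow!s:5} broad={broad!s:5}{flag}")
```

Rows where the two columns differ are the paths where the proposal behaves differently from the inserted conditions: the `.cpaneldcv` file is no longer exempted because `^/` never matches in .htaccess context, while unrelated paths that merely start with any character followed by `well-known` skip every later rewrite rule.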



