skunkbad Posted November 25, 2017

Hey guys,

Regarding the following lines inserted into my .htaccess files multiple times:

    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/.+$
    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$

The AutoSSL / LetsEncrypt process needs to be able to verify the domain, and cpanel is just making sure that there aren't any rewrites going on that would break that process, right?

Is there any reason why all this clutter couldn't be fixed by simply adding the following, once near the top (before any of the other rewrites are listed):

    RewriteRule ^/[0-9]+\..+\.cpaneldcv$ - [L]
    RewriteRule ^.well-known - [L]

I'm just asking because if the .htaccess file has more than just a couple things going on, this automatic insertion of rewrite conditions makes such a mess that it can hardly be read.

Scott Posted November 26, 2017

We advise leaving the code as is so that only the correct queries will access the .well-known files. Additionally, modifying the code may cause it to be added again automatically, which could lead to unexpected errors.

ericr Posted November 26, 2017

As for the why, it is done that way as part of good security practices. You always want to permit the absolute minimum and not have rules so broad they would cover more than the software needs. This is why the rules are specifically added to each section.

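Added example, not part of the thread and not cPanel's code: a Python check of the patterns quoted in the first post against constructed request paths, showing which paths each approach exempts from rewriting. It assumes the rules sit in a document-root .htaccess, where mod_rewrite matches RewriteRule patterns against the path without its leading slash; all sample paths are constructed.

```python
import re

# cPanel's three RewriteCond patterns from the first post, tested against REQUEST_URI.
NARROW = [re.compile(p) for p in (
    r"^/[0-9]+\..+\.cpaneldcv$",
    r"^/\.well-known/acme-challenge/.+$",
    r"^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$",
)]
# The two RewriteRule patterns proposed in the first post.
BROAD = [re.compile(p) for p in (r"^/[0-9]+\..+\.cpaneldcv$", r"^.well-known")]

def exempt_narrow(uri):
    """True if the inserted conditions keep the following rewrite off this URI."""
    return any(p.search(uri) for p in NARROW)

def exempt_broad(uri):
    """True if the proposed '- [L]' rules would stop rewriting for this URI.
    Assumption: the rules live in the document-root .htaccess, where
    mod_rewrite matches RewriteRule patterns without the leading slash."""
    path = uri[1:] if uri.startswith("/") else uri
    return any(p.search(path) for p in BROAD)

# Constructed sample request paths (not taken from the thread).
SAMPLES = [
    "/.well-known/acme-challenge/constructed-token",
    "/.well-known/pki-validation/" + "A" * 32 + ".txt",
    "/12345.example.com.cpaneldcv",
    "/.well-known/security.txt",
    "/.well-known/pki-validation/notes.txt",
    "/xwell-known-offers/index.php",
    "/blog/post-1",
]

def compare(uris):
    """Return (uri, exempt under narrow conditions, exempt under broad rules)."""
    return [(u, exempt_narrow(u), exempt_broad(u)) for u in uris]

if __name__ == "__main__":
    for uri, narrow, broad in compare(SAMPLES):
        note = "" if narrow == broad else "  <-- differs"
        print(f"{uri:55} narrow={narrow!s:5} broad={broad!s:5}{note}")
```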