From 00da23cbf2e00d2fc0b6fcef4f9590d2298c0660 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Tue, 16 Jan 2018 18:22:48 -0800 Subject: [PATCH] use stricter rewriterule --- certbot-apache/certbot_apache/http_01.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/certbot-apache/certbot_apache/http_01.py b/certbot-apache/certbot_apache/http_01.py index 6c9fe65ef..72f41f4b5 100644 --- a/certbot-apache/certbot_apache/http_01.py +++ b/certbot-apache/certbot_apache/http_01.py @@ -11,7 +11,7 @@ class ApacheHttp01(common.TLSSNI01): CONFIG_TEMPLATE22 = """\ RewriteEngine on - RewriteRule /.well-known/acme-challenge/(.*) {0}/$1 [L,S=9999] + RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ {0}/$1 [L,S=9999] Order allow deny @@ -21,7 +21,7 @@ class ApacheHttp01(common.TLSSNI01): CONFIG_TEMPLATE24 = """\ RewriteEngine on - RewriteRule /.well-known/acme-challenge/(.*) {0}/$1 [END] + RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ {0}/$1 [END] Require all granted