From 2a4c74e30e3e43f2e20a8b3e688b6dd0eb9a452e Mon Sep 17 00:00:00 2001 From: =?utf8?q?Rapha=C3=ABl=20Gertz?= Date: Sat, 30 Nov 2019 23:20:23 +0100 Subject: [PATCH 1/1] Fix script rewrite to end rewrite process Don't redirect errors and icons Add redirect in global rewrite, unencrypted vhosts only have to inherit rules --- www/acme.apache.conf | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/www/acme.apache.conf b/www/acme.apache.conf index 8ff2241..d3d1afd 100644 --- a/www/acme.apache.conf +++ b/www/acme.apache.conf @@ -14,9 +14,17 @@ # Start rewrite engine RewriteEngine on - # Only if https is disabled + # Rewrite acme uri on php script RewriteCond %{HTTPS} off + RewriteRule /\.well\-known/acme\-challenge/([-_a-zA-Z0-9]+) /usr/share/acme/acme-challenge.php?key=$1 [END] - # Rewrite acme uri on php script - RewriteRule /\.well\-known/acme\-challenge/([-_a-zA-Z0-9]+) /usr/share/acme/acme-challenge.php?key=$1 [L] + # Rewrite errors as final + RewriteRule ^/error/(HTTP_BAD_GATEWAY|HTTP_BAD_REQUEST|HTTP_FORBIDDEN|HTTP_GONE|HTTP_INTERNAL_SERVER_ERROR|HTTP_LENGTH_REQUIRED|HTTP_METHOD_NOT_ALLOWED|HTTP_NOT_FOUND|HTTP_NOT_IMPLEMENTED|HTTP_PRECONDITION_FAILED|HTTP_REQUEST_ENTITY_TOO_LARGE|HTTP_REQUEST_TIME_OUT|HTTP_REQUEST_URI_TOO_LARGE|HTTP_SERVICE_UNAVAILABLE|HTTP_UNAUTHORIZED|HTTP_UNSUPPORTED_MEDIA_TYPE|HTTP_VARIANT_ALSO_VARIES).html.var "-" [PT,END] + + # Rewrite icons as final + RewriteRule ^/icons/(([acfp]|back|binary|binhex|blank|bomb|box1|box2|broken|burst|compressed|continued|dir|diskimg|down|dvi|forward|icon.sheet|image1|image2|image3|index|layout|left|link|movie|patch|pdf|pie0|pie1|pie2|pie3|pie4|pie5|pie6|pie7|pie8|portal|ps|quill|right|screw1|screw2|script|sound1|sound2|sphere1|sphere2|tar|tex|text|transfer|unknown|up|uuencoded|uu|world1|world2|folder(|.open|.sec)|generic(|.red|.sec)|alert.(black|red)|hand.(right|up)|ball.(gray|red)|comp.(blue|gray)|small/(back|binary|binhex|blank|broken|burst|comp1|comp2|compressed|continued|doc|folder2|folder|forward|generic2|generic3|generic|image2|image|index|key|movie|patch|ps|rainbow|sound2|sound|tar|text|transfer|unknown|uu)).(gif|png)|apache_pb(|2).(gif|png|svg)|(svg|xml|odf6o(d[bcfgimpst]|t[cfghipst])).png) "-" [PT,END] + + #Redirect to https + RewriteCond %{HTTPS} off + RewriteRule (/.*) https://%{SERVER_NAME}$1 [L,R=301] -- 2.41.1