0

I am trying to block accessing the ssl token via a link to /.well-known/acme-challenge/abc I tried by putting a re-write in the .htaccess file.

RewriteEngine On
RewriteRule ^\.well-known\/acme-challenge\/ /404.php [R=301,L]

However, instead of doing a redirect on /.well-known/acme-challenge/abc , the ssl certificate is still displayed.

How do I prevent access to /.well-known/acme-challenge/abc ?

Yirmiyahu Fischer
  • 503
  • 2
  • 9
  • 22
  • Why do you think you would need to prevent access? https://stackoverflow.com/a/44467356/1427878 – CBroe May 03 '21 at 11:20

2 Answers2

0

Check this post

Something like :

RedirectMatch 403 \/abc$

Btw, why are you trying to hide the SSL certificate? As it said here, you don't need to hide the certificate at all. The certificate only contains the public key and additional info of the owner (in this case the server). It shouldn't contain any private information. What you need to do is to store the certificate in such a way that you can trust the origin of the certificate.

Happy coding!

LeoDevSecOps
  • 68
  • 7
0

Try:

#turn on mod_rewrite
RewriteEngine On
#see if the url is ...
RewriteCond %{REQUEST_URI} ^\/\.well-known\/acme-challenge\/
# redirect to 404.php
RewriteRule ^ 404.php [R=302,L]

or, if you don't want to externally redirect in the browser:

#turn on mod_rewrite
RewriteEngine On
#see if the url is ...
RewriteCond %{REQUEST_URI} ^\/\.well-known\/acme-challenge\/
# send 404
RewriteRule ^ - [R=404,L]
# change to 403 if don't want 404
Example person
  • 3,198
  • 3
  • 18
  • 45