Is there any way to teach Apache httpd to globally exempt .well-known/acme-challenge/* URL paths from Redirect directives?
The END modifier to RewriteRule (new in httpd 2.4) achieves this effect for that directive, but I’ve been stumped to come up with a solution for the same exemption logic for Redirect.
For example, if a user has Redirect 302 / http://google.com/ in their .htaccess file, it’d be nice to have some way to teach Apache to ignore that directive if the URL is for an ACME challenge.
That assumes a direct modification to the .htaccess file. I want a global configuration that prevents httpd from following Redirect when it matches the ACME challenge pattern.
Alias or AliasMatch might work. I’d still prefer to find a less intrusive option that wouldn’t upend user expectations about where their stuff is. We’d have to document the change for customers, and it would break any custom setups users might have put in place … but we’ll check it out.
The .well-known/acme-challenge folder is a very specific location; which should only be used by ACME clients.
True, your clients may have used their specific acme-challenge locations in customized ways - but uncommon.
So a “global alias” may be more than you require and, yes, it could impact some custom customer scripts…
It seems that mod_alias can be used in the server config, virtual hosts, and directories (https://httpd.apache.org/docs/2.4/mod/mod_alias.html)
So I would use it within your controlled vhost configs and include it as a common file (wherever needed). <virtual host>
… include /etc/apache2/common.challenges.location
… </virtual host>
Where /etc/apache/common.challenges.location contains: <Location "/.well-known/acme-challenge"> Alias "/common/challenge/folder" </Location>