• Resolved backpackingseries

    (@backpackingseries)


    Hello,

    Greetings everyone! Hope this is the right forum for a small Regex Help Request:

    I am trying to trim the htaccess file. However, there’s a piece of code that I am unable to classify (perhaps, the plugin that inserted it is no longer in use – I tried removing plugins and observing changes to the file but this code doesn’t budge. Or, perhaps this is not related to a plugin). Can someone here please advise what this code is meant for / does? Should I retain this or trash it?

    # Begin Unknown
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^/?\.user\.ini$
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
    RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule .* - [F,L,NC]
    </IfModule>
    # End Unknown

    Kind regards

Viewing 7 replies - 1 through 7 (of 7 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    That’s added by your host to support the LetsEncrypt certificate renewal. Do not remove it. If it concerns you, contact your host.

    Thread Starter backpackingseries

    (@backpackingseries)

    Thank you for your prompt help @sterndata.

    I somehow thought the certificate renewal (and force SSL) is handled via the following code. The ReWrite Conditions look so similar and how I wish I could read Regex better! If you don’t mind a follow-up query, what’s the purpose of this last bit of code pasted below? Appreciate your advice.

    # Begin Force SSL
    <IfModule mod_rewrite.c>
     RewriteEngine on
     RewriteCond %{HTTP:X-Forwarded-Proto} !https
     RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
     RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
     RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
     RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
    </IfModule>
    # End Force SSL

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    That last rule forwards non-HTTPS traffic to use HTTPS.

    Thread Starter backpackingseries

    (@backpackingseries)

    Thank you very much, @sterndata

    Those RewriteCond %{REQUEST_URI} conditions look similar and hence the confusion. Really appreciate the quick help.

    I’ll then retain both.

    Kind regards

    Dion

    (@diondesigns)

    The Apache rewrite rules make no sense.

    The first set sends an HTTP403 Forbidden message when attempting to access the .user.ini file (used by insecure and/or poorly-configured PHP installations) or some stuff created by cPanel. This rewrite rule will block Let’s Encrypt from verifying a certificate request because it will not be able to access the file it requested.

    The second set maps http to https for the same directories. This too will block Let’s Encrypt from verifying a certificate request because it will receive a HTTP301 redirect as opposed to the contents of the file it requested.

    As suggested, contact your host. Perhaps they can decipher what cPanel is attempting to accomplish with those rewrite rules.

    Thread Starter backpackingseries

    (@backpackingseries)

    @diondesigns, thank you for explaining the distinction. This is super helpful.

    Will contact host for clarification about these two rule sets.

    Kind regards,

    Thread Starter backpackingseries

    (@backpackingseries)

    @diondesigns, @sterndata

    Thanks much for sharing your thoughts. I just wanted to update the status here (in case anyone is hunting for answers) and close this thread.

    I contacted host (chat support) but could not go past ‘if it’s not causing any problem, just leave it there’. However, cPanel’s site had some useful information about SSL Autorenewal (here and here).

    The most common issue that we have seen regarding this process is that Comodo is not always able to retrieve this file due to .htaccess rules being in place to prevent either the Comodo User-Agent from reaching sites on your server or redirect rules being in place to prevent the cURL command from going through properly.

    So, as I understand, this is what the three standard conditions accomplish (define exceptions), when inserted before every rule:

    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
    RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$

    The rule sets do what you have already helped me clarify – Display 403 Forbidden Message for .user.ini and redirect to HTTPS (secure) protocol.

    Kind regards,
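
The two rule sets from this thread, evaluated the way mod_rewrite chains RewriteCond lines (conditions without [OR] are ANDed, and a leading `!` negates the match), as an added example that is not part of any post above. The `decide` function, the sample request paths and the assumption that the "Unknown" block is processed before "Force SSL" are constructed for illustration.

```python
import re

# Exemption patterns copied from the thread's RewriteCond lines.
DCV_EXEMPT = [
    r"^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$",
    r"^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$",
    r"^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$",
]
NOT_DCV = [("REQUEST_URI", "!" + p) for p in DCV_EXEMPT]

# (conditions, outcome) per rule set. Order is an assumption: the thread
# does not say which block comes first in the file.
RULESETS = [
    ([("REQUEST_URI", r"^/?\.user\.ini$")] + NOT_DCV, "403"),   # "Unknown"
    ([("X-Forwarded-Proto", "!https")] + NOT_DCV, "301"),       # "Force SSL"
]


def cond_true(pattern, value):
    """One RewriteCond: unanchored regex search, '!' prefix negates."""
    if pattern.startswith("!"):
        return re.search(pattern[1:], value) is None
    return re.search(pattern, value) is not None


def decide(uri, forwarded_proto=""):
    """Return '403', '301' or 'pass' for a request path and proxy header."""
    env = {"REQUEST_URI": uri, "X-Forwarded-Proto": forwarded_proto}
    for conds, outcome in RULESETS:
        # The rule fires only when every one of its conditions holds.
        if all(cond_true(p, env[var]) for var, p in conds):
            return outcome
    return "pass"


# Constructed sample requests (tokens are made up).
SAMPLES = [
    ("/.user.ini", "https"),
    ("/.well-known/acme-challenge/tok_EN-123", "http"),
    ("/.well-known/pki-validation/" + "A1" * 16 + ".txt", "http"),
    ("/.well-known/acme-challenge/", "http"),   # empty token: not exempt
    ("/wp-login.php", "http"),
    ("/wp-login.php", "https"),
]

if __name__ == "__main__":
    for uri, proto in SAMPLES:
        print(f"{proto:5} {uri:70} -> {decide(uri, proto)}")
```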

  • The topic ‘Unknown Regex Code’ is closed to new replies.