From: Eric Wong <e@80x24.org>
Date: Tue, 2 Sep 2025 20:30:13 +0000 (+0000)
Subject: reject_bots: allow .well-known unconditionally
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6f4142685f37e33a0488b030069dd0602ab2cba1;p=thirdparty%2Fpublic-inbox.git

reject_bots: allow .well-known unconditionally

Allowing */.well-known/* allows Let's Encrypt (and likely
similar) services to access static files for ACME validation
during the automated TLS certificate renewal process.
---

diff --git a/contrib/RejectBots.pm b/contrib/RejectBots.pm
index fdfd41a53..3bd01c840 100644
--- a/contrib/RejectBots.pm
+++ b/contrib/RejectBots.pm
@@ -23,7 +23,7 @@ sub call {
 	my $ua = $env->{HTTP_USER_AGENT} // '';
 	return [ 403, [], [] ] if $ua =~ /$bad_ua/o;
 	my $uri;
-	if ($env->{PATH_INFO} !~ /\.css\z/ &&
+	if ($env->{PATH_INFO} !~ m!(?:/\.well-known/|\.css\z)! &&
 			$ua =~ m!\A(?:Mozilla|Opera)/! &&
 			defined($uri = $env->{REQUEST_URI}) &&
 			($env->{HTTP_REFERER} // '') !~ /\Q$uri\E\z/ &&