Review: Do not discard paths other than '/errors/' and '/.well-known/…

…acme-challenge/' on redirect/proxy (Apache2)

CHANGELOG

@@ -10,6 +10,7 @@ CONFIG
     Fixed: Bad value for X-Forward-* headers (Proxy feature / Apache2 ssl vhosts) -- Backported from 1.6.x
     Security: Protect both /var/www/virtual and /var/www/imscp directories from entire access (Apache2)
     Review: SSL parameters for both Apache2 and Nginx Web servers
+    Review: Do not discard paths other than '/errors/' and '/.well-known/acme-challenge/' on redirect/proxy (Apache2)
 
 DISTRIBUTION
     Added: Support for Ubuntu Bionic Beaver (18.04) LTS

configs/debian/apache/parts/domain.tpl

@@ -108,7 +108,7 @@
     </Directory>
 
     # SECTION std_fwd BEGIN.
-    RedirectMatch {FORWARD_TYPE} ^/((?!(?:errors|\.well-known)/).*) {FORWARD}$1
+    RedirectMatch {FORWARD_TYPE} ^/((?!(?:errors/|\.well-known)/acme-challenge/).*) {FORWARD}$1
     # SECTION std_fwd END.
     # SECTION proxy_fwd BEGIN.
     # SECTION ssl_proxy BEGIN.
@@ -117,7 +117,7 @@
     RequestHeader set X-Forwarded-Proto "{X_FORWARDED_PROTOCOL}"
     RequestHeader set X-Forwarded-Port {X_FORWARDED_PORT}
     ProxyPreserveHost {FORWARD_PRESERVE_HOST}
-    ProxyPassMatch ^/((?!(?:errors|\.well-known)/).*) {FORWARD}$1 retry=30 timeout=7200
+    ProxyPassMatch ^/((?!(?:errors/|\.well-known)/acme-challenge/).*) {FORWARD}$1 retry=30 timeout=7200
     ProxyPassReverse / {FORWARD}
     # SECTION proxy_fwd END.
     # SECTION fwd END.

configs/debian/apache/parts/domain_disabled.tpl

@@ -29,6 +29,6 @@
     # SECTION dmn END.
 
     # SECTION fwd BEGIN.
-    RedirectMatch {FORWARD_TYPE} ^/((?!\.well-known/).*) {FORWARD}$1
+    RedirectMatch {FORWARD_TYPE} ^/((?!\.well-known/acme-challenge/).*) {FORWARD}$1
     # SECTION fwd END.
 </VirtualHost>