From 531350a1c130b26b099f7987409a481de5b165c1 Mon Sep 17 00:00:00 2001
From: Philipp Kunz
Date: Tue, 18 Mar 2025 14:56:57 +0000
Subject: [PATCH] fix(Port80Handler): Restrict ACME HTTP-01 challenge handling to domains with acmeMaintenance or acmeForward enabled
---
 changelog.md | 6 ++++++
 ts/00_commitinfo_data.ts | 2 +-
 ts/classes.port80handler.ts | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/changelog.md b/changelog.md
index 3a4ace1..6f456ac 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,11 @@
 # Changelog
+## 2025-03-18 - 4.2.6 - fix(Port80Handler)
+Restrict ACME HTTP-01 challenge handling to domains with acmeMaintenance or acmeForward enabled
+- Updated challenge handler in ts/classes.port80handler.ts to include a check for (options.acmeMaintenance || options.acmeForward)
+- Prevents unintended processing of ACME challenges when ACME configuration is not enabled
+
 ## 2025-03-18 - 4.2.5 - fix(networkproxy)
 Refactor certificate management components: rename AcmeCertManager to Port80Handler and update related event names from CertManagerEvents to Port80HandlerEvents. The changes update internal API usage in ts/classes.networkproxy.ts and ts/classes.port80handler.ts to unify and simplify ACME certificate handling and HTTP-01 challenge management.
diff --git a/ts/00_commitinfo_data.ts b/ts/00_commitinfo_data.ts
index 1a14094..a496ca1 100644
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
 name: '@push.rocks/smartproxy',
- version: '4.2.5',
+ version: '4.2.6',
 description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.'
 }
diff --git a/ts/classes.port80handler.ts b/ts/classes.port80handler.ts
index eb37d5e..869d7fa 100644
--- a/ts/classes.port80handler.ts
+++ b/ts/classes.port80handler.ts
@@ -408,7 +408,7 @@ export class Port80Handler extends plugins.EventEmitter {
 const options = domainInfo.options;
 // If the request is for an ACME HTTP-01 challenge, handle it
- if (req.url && req.url.startsWith('/.well-known/acme-challenge/')) {
+ if (req.url && req.url.startsWith('/.well-known/acme-challenge/') && (options.acmeMaintenance || options.acmeForward)) {
 // Check if we should forward ACME requests
 if (options.acmeForward) {
 this.forwardRequest(req, res, options.acmeForward, 'ACME challenge');
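Review bot: With the added `(options.acmeMaintenance || options.acmeForward)` guard, a request under `/.well-known/acme-challenge/` for a domain that has neither option set no longer stops in this branch and falls through to whatever the handler does next, which is outside the hunk. If that later code forwards or redirects the request, the party operating that target would be the one answering HTTP-01 validation for the domain, so the intended outcome should be stated and covered by a test; if the intent is to refuse, an explicit 404 for this case is safer than relying on fall-through. At minimum the comment above the condition should say so, e.g. `// Handle ACME HTTP-01 challenges only for domains with acmeMaintenance or acmeForward; all other domains fall through to the regular port-80 handling below`. The enclosing method starts and ends outside the hunk, so the fall-through path could not be checked here.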