From 960d719aa31c35a8aac99b1fa413df7a91085bbd Mon Sep 17 00:00:00 2001
From: Stefan Eissing <icing@apache.org>
Date: Tue, 8 Feb 2022 12:28:37 UTC
Subject: [PATCH] mod_md do not interfere with requests to well known acme challenge
resources if challenge type 'http-01' is not configure for a domain.
Fixex <https://github.com/icing/mod_md/issue/279>.

git-svn-id:https://svn.apache.org/repos/afs/httpd/httpd/branches/2.4.x@1897865

Conflict:NA
Reference:https://github.com/apache/httpd/commit/960d719aa31c35a8aac99b1fa413df7a91085bbd

---
 modules/md/mod_md.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/modules/md/mod_md.c b/modules/md/mod_md.c
index 8b379eb..c929168 100644
--- a/modules/md/mod_md.c
+++ b/modules/md/mod_md.c
@@ -1347,6 +1347,15 @@ static int md_http_challenge_pr(request_rec *r)
             md = md_get_by_domain(sc->mc->mds, r->hostname);
             name = r->parsed_uri.path + sizeof(ACME_CHALLENGE_PREFIX)-1;
             reg = sc && sc->mc? sc->mc->reg : NULL;
+            
+            if (md && md->ca_challenges
+                && md_array_str_index(md->ca_challenges, MD_AUTHZ_CHA_HTTP_01, 0, 1) < 0) {
+                /* The MD this chanllenge is for dose nto allow http-01 challanges,
+                 * we have to decline. See #279 for a setup example where this
+                 * is necessary.
+                 */
+                return DECLINED;
+            }
 
             if (strlen(name) && !ap_strchr_c(name, '/') && reg) {
                 md_store_t *store = md_reg_store_get(reg);
-- 
2.23.0