Menu
Late last year my web host added the following rules to my .htaccess file for my domain.
#RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
#RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
#RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
#RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
I tried searching the internet for this Ballot169 term, and saw that other people have labeled this particular set of rules as some sort of DDOS protection. What attack is this preventing? What is this Ballot169 folder? Is it part of the normal functioning of cPanel SSL configuration?
I also use Let's Encrypt, but couldn't find any indication that it was related.
554
asked Jan 31 '26 18:01
This code is automatically added to the .htaccess file because of the free SSL certificates that are being installed on the server. Now that there are a lot of companies that offer free ssl certificates, like letsencrypt, the servers (like cpanel) automatically assign ssl certs to all domains. The domain needs to verify ownership, so they create a file inside the .well-known folder so they can verify the domain actually works. They modify the htaccess file so none of your re-write rules affect that folder.
I thought it was weird too, but its safe.
93
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
