3 files changed, 15 insertions, 2 deletions

diff --git a/internal/acme/acme.go b/internal/acme/acme.go
index 039be32a..607dcc23 100644
--- a/internal/acme/acme.go
+++ b/internal/acme/acme.go
@@ -26,7 +26,7 @@ func (m *Middleware) ServeAcmeChallenges(w http.ResponseWriter, r *http.Request,
 		return false
 	}
 
-	if !isAcmeChallenge(r.URL.Path) {
+	if !IsAcmeChallenge(r.URL.Path) {
 		return false
 	}
 
@@ -37,7 +37,7 @@ func (m *Middleware) ServeAcmeChallenges(w http.ResponseWriter, r *http.Request,
 	return m.redirectToGitlab(w, r)
 }
 
-func isAcmeChallenge(path string) bool {
+func IsAcmeChallenge(path string) bool {
 	return strings.HasPrefix(filepath.Clean(path), "/.well-known/acme-challenge/")
 }
 
diff --git a/internal/redirects/redirects.go b/internal/redirects/redirects.go
index 24ce8692..a0d0a774 100644
--- a/internal/redirects/redirects.go
+++ b/internal/redirects/redirects.go
@@ -14,6 +14,7 @@ import (
 
 	"gitlab.com/gitlab-org/labkit/log"
 
+	"gitlab.com/gitlab-org/gitlab-pages/internal/acme"
 	"gitlab.com/gitlab-org/gitlab-pages/internal/vfs"
 )
 
@@ -100,6 +101,10 @@ func (r *Redirects) Status() string {
 // Rewrite takes in a URL and uses the parsed Netlify rules to rewrite
 // the URL to the new location if it matches any rule
 func (r *Redirects) Rewrite(originalURL *url.URL) (*url.URL, int, error) {
+	if acme.IsAcmeChallenge(originalURL.Path) {
+		return nil, 0, ErrNoRedirect
+	}
+
 	rule, newPath := r.match(originalURL.Path)
 	if rule == nil {
 		return nil, 0, ErrNoRedirect
diff --git a/internal/redirects/redirects_test.go b/internal/redirects/redirects_test.go
index 8cad98f8..a15d8413 100644
--- a/internal/redirects/redirects_test.go
+++ b/internal/redirects/redirects_test.go
@@ -123,6 +123,14 @@ func TestRedirectsRewrite(t *testing.T) {
 			expectedStatus: http.StatusOK,
 			expectedErr:    "",
 		},
+		{
+			name:           "does_not_redirect_acme_challenges",
+			url:            "/.well-known/acme-challenge/token",
+			rule:           "/* /to/path 200",
+			expectedURL:    "",
+			expectedStatus: 0,
+			expectedErr:    ErrNoRedirect.Error(),
+		},
 	}
 
 	for _, tt := range tests {