Make Sure Everyone is on the Same Domain

Even if you don’t have multiple domains pointing to your site, it’s possible that www.example.com and just example.com will work.  If that’s the case, Google and other search engines could be crawling your site twice and the website could take a ranking hit for duplicate content.  The following example shows how we can redirect visitors from two domains down to one.

RewriteCond %{HTTP_HOST} ^www.example.net$ [NC,OR]
RewriteCond %{HTTP_HOST} ^example.net$ [NC,OR]
RewriteCond %{HTTP_HOST} ^www.example.com$ [NC]
RewriteRule ^(.*)$ http://example.com/$1 [R=301,L]

Force SSL on Specific Site Directories

I use SSL on a couple of my sites, but it doesn’t need to be enabled (or forced) on the entire site, so we use .htaccess mod_rewrite rules to enforce SSL where we need it.  The following peice of code will force SSL on all requests in the directory named ‘secure’.

RewriteCond %{HTTPS} off
RewriteRule ^secure/.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Both of these lines need to be copied if we need to enforce more than one directory, so if we need the directory ‘secure’ and the the directory ‘users’ secured, we would use this code.

RewriteCond %{HTTPS} off
RewriteRule ^secure/.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

RewriteCond %{HTTPS} off
RewriteRule ^users/.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

For the rest of the site, we don’t need SSL, so use something like this if we have the ‘secure’ and ‘users’ directory with SSL enabled.

RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !secure/.*$
RewriteCond %{REQUEST_URI} !users/.*$
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Force SSL on a Domain or Sub-Domain

Similar to the need above, we can force SSL on an entire domain if we need to.

RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^wells-it.com$ [NC]
RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Take a Website Offline

If a website needs to go down for maintenance or whatever, that can be done with a simple few lines of code.  Just remember to change the page’s path in both lines where you see not-up.htm, or you could create a redirect loop.

RewriteCond %{REMOTE_HOST} !^123\.214\.71\.126
RewriteCond %{REQUEST_URI} !/static/not-up\.htm$
RewriteRule .* /static/not-up.htm [R=302,L]

Remove ‘index.php’ From the URL

This is one that will come in handy if you use CodeIgniter or any other framework that sends all requests through index.php.  Basically, this code checks to see if the URL request exists as a static file or directory.  If does, it would be a picture, style sheet, javascript include, etc.  If it is not found, then it assumes that it must be for the framework to handle, and it sends it to the index.php file.

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]

Keep Visitors Off the Stage

On my large sites, I have both a production copy and a stage copy.  The stage copy is where I do all my developing and testing.  When I am satisfied with the changes, I push the changes to my live site.  The problem is that I don’t want site visitors seeing my stage copy, so I use some mod_rewrite code to keep them off.  You need to know your IP address for this one, and if you have a dynamic IP, you will have to change the file every time you get a new one.

RewriteCond %{REMOTE_HOST} !^56\.51\.98\.126
RewriteCond %{HTTP_HOST} ^stage.wells-it.com$ [NC]
RewriteRule ^(.*)$ http://wells-it.com/$1 [R=301,L]

If you have multiple IP address that you want access to the stage, you can just add another condition.

RewriteCond %{REMOTE_HOST} !^56\.51\.98\.126
RewriteCond %{REMOTE_HOST} !^74\.65\.95\.128
RewriteCond %{HTTP_HOST} ^stage.wells-it.com$ [NC]
RewriteRule ^(.*)$ http://wells-it.com/$1 [R=301,L]

Turn .htaccess Into a Web Application Firewall

I didn’t write this one, so I can’t take credit for it, but you can find the code here.  It contains some very slick code to keep malicious page requests from getting through to your web applications.

Final Notes

Since some of these URL rewrites actually redirect the browser, it’s possible to get into a redirect loop where you will never satisfy the rules you have in place, and the browser will redirect forever…until it detects a loop and stops with an error.  If this happenes, try to see where the loop is or post a comment if you’re stuck.