Several mod_rewrite Tricks for a Better Web Application
Published: July 21st, 2008 by: Andrew
Apache's .htaccess file options makes it easy to have clean URLs, smart redirects, and even control SSL connections. In this post, I am going to give you several tips on how you make your web applications smarter. Note that your server must support mod_rewrite in order to use these tips.
Make Sure Everyone is on the Same Domain
Even if you don’t have multiple domains pointing to your site, it’s possible that www.example.com and just example.com will work. If that’s the case, Google and other search engines could be crawling your site twice and the website could take a ranking hit for duplicate content. The following example shows how we can redirect visitors from two domains down to one.
RewriteCond %{HTTP_HOST} ^www.example.net$ [NC,OR]
RewriteCond %{HTTP_HOST} ^example.net$ [NC,OR]
RewriteCond %{HTTP_HOST} ^www.example.com$ [NC]
RewriteRule ^(.*)$ http://example.com/$1 [R=301,L]
Force SSL on Specific Site Directories
I use SSL on a couple of my sites, but it doesn’t need to be enabled (or forced) on the entire site, so we use .htaccess mod_rewrite rules to enforce SSL where we need it. The following peice of code will force SSL on all requests in the directory named ‘secure’.
RewriteCond %{HTTPS} off
RewriteRule ^secure/.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Both of these lines need to be copied if we need to enforce more than one directory, so if we need the directory ‘secure’ and the the directory ‘users’ secured, we would use this code.
RewriteCond %{HTTPS} off
RewriteRule ^secure/.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]RewriteCond %{HTTPS} off
RewriteRule ^users/.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
For the rest of the site, we don’t need SSL, so use something like this if we have the ‘secure’ and ‘users’ directory with SSL enabled.
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !secure/.*$
RewriteCond %{REQUEST_URI} !users/.*$
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Force SSL on a Domain or Sub-Domain
Similar to the need above, we can force SSL on an entire domain if we need to.
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^wells-it.com$ [NC]
RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Take a Website Offline
If a website needs to go down for maintenance or whatever, that can be done with a simple few lines of code. Just remember to change the page’s path in both lines where you see not-up.htm, or you could create a redirect loop.
RewriteCond %{REMOTE_HOST} !^123\.214\.71\.126
RewriteCond %{REQUEST_URI} !/static/not-up\.htm$
RewriteRule .* /static/not-up.htm [R=302,L]
Remove ‘index.php’ From the URL
This is one that will come in handy if you use CodeIgniter or any other framework that sends all requests through index.php. Basically, this code checks to see if the URL request exists as a static file or directory. If does, it would be a picture, style sheet, javascript include, etc. If it is not found, then it assumes that it must be for the framework to handle, and it sends it to the index.php file.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
Keep Visitors Off the Stage
On my large sites, I have both a production copy and a stage copy. The stage copy is where I do all my developing and testing. When I am satisfied with the changes, I push the changes to my live site. The problem is that I don’t want site visitors seeing my stage copy, so I use some mod_rewrite code to keep them off. You need to know your IP address for this one, and if you have a dynamic IP, you will have to change the file every time you get a new one.
RewriteCond %{REMOTE_HOST} !^56\.51\.98\.126
RewriteCond %{HTTP_HOST} ^stage.wells-it.com$ [NC]
RewriteRule ^(.*)$ http://wells-it.com/$1 [R=301,L]
If you have multiple IP address that you want access to the stage, you can just add another condition.
RewriteCond %{REMOTE_HOST} !^56\.51\.98\.126
RewriteCond %{REMOTE_HOST} !^74\.65\.95\.128
RewriteCond %{HTTP_HOST} ^stage.wells-it.com$ [NC]
RewriteRule ^(.*)$ http://wells-it.com/$1 [R=301,L]
Turn .htaccess Into a Web Application Firewall
I didn’t write this one, so I can’t take credit for it, but you can find the code here. It contains some very slick code to keep malicious page requests from getting through to your web applications.
Final Notes
Since some of these URL rewrites actually redirect the browser, it’s possible to get into a redirect loop where you will never satisfy the rules you have in place, and the browser will redirect forever…until it detects a loop and stops with an error. If this happenes, try to see where the loop is or post a comment if you’re stuck.
Matt
Jul 28th, 2008
4:56 pm
You can never have too many mod_rewrite guides…here’s another I’ll have to bookmark.
Aug 19th, 2009
5:12 pm
[…] Several Mod_Rewrite Tricks for a Better Web Application – Covers a number of basic and more advanced mod_rewrite tricks. […]
Aug 25th, 2009
5:12 pm
[…] Several Mod_Rewrite Tricks for a Better Web Application – Covers a number of basic and more advanced mod_rewrite tricks. RewriteE […]
Mar 24th, 2011
12:30 am
[…] Several Mod_Rewrite Tricks for a Better Web Application – Covers a number of basic and more advanced mod_rewrite tricks. Possibly related posts: (automatically generated)Zend Framework rewriting rules explained (.htaccess) […]
Robert Kristensen
Nov 19th, 2011
9:12 am
I am trying to redirect
kategorier?uid=[number]
to
index.php?option=com_comprofiler&task=userProfile&user=[number]
but it does not work, what am i doing wrong?
RewriteRule kategorier\?uid=([0-9]+) index.php?option=com_comprofiler&task=userProfile&user=$1 [R=301,L]
Regards Robert