Htaccess, Apache, And Rewrites! Oh, My! Apache... · Home Blog Htaccess, Apache, And Rewrites! Oh, My! Htaccess, Apache, And Rewrites! Oh, My! As a web designer or developer, it is

Home Blog Htaccess, Apache, And Rewrites! Oh, My!

Htaccess, Apache, And Rewrites! Oh, My!

As a web designer or developer, it is important to know how to use the htaccess file to your

advantage. It is a very powerful tool, and can even work as a deterrent for bandwidth

thieves, exploits, and hackers. Below are some common examples of rules to consider

when developing websites. We hope you find them useful.

Jump To Redirect Example

Rewrite Engine1.

Basic Redirect2.

HTML to PHP3.

Remove File Extensions4.

Add WWW To Domain5.

Remove WWW From Domain6.

Add Trailing Slash7.

Remove Trailing Slash8.

Remove Query String9.

Remove Trailing Question Mark10.

Remove Trailing Index File11.

Remove Index File From URL12.

HTTP to HTTPS13.

HTTPS to HTTP14.

Deny Access To Htaccess15.

Enable Caching16.

Disable Caching On Dynamic Pages17.

Example Htaccess File18.

Rewrite Engine

In order for any of these rules to work, the first thing we need to do is turn on the rewrite

engine.

Options +FollowSymLinks1.

RewriteEngine On2.

Crucial Web Hosting » Blog » Htaccess, Apache, A... http://www.crucialwebhost.com/blog/htaccess-apa...

1 of 17 04/11/2008 02:00 PM

The first line of code is a security feature that must be enabled for the rewrite rules to work.

In most cases, this is already set up by your host, but it won’t hurt to list it again here. This

is just telling the server to follow symbolic links. If you are a Windows user, this would be

the same as a shortcut. You may not need the first line though, but it is important to

understand why you might need to add it.

The second line is what actually turns the rewrite engine on. It does nothing for us though.

Basic Redirect

There are a couple reasons why you would use a basic redirect. Let’s say you just

re-structured and organized your files, but you wanted visitors who were still using the old

filename to be able to access the new one. They might have bookmarked the page, or

found it in a search engine.

RewriteRule ^old-filename.php$ /new-filename.php [R=301,L]1.

The first part of the rule is looking for a request for old-filename.php. If it finds it, it will

visually redirect the visitor to new-filename.php. In the last part of the rule, we’re using a

redirect flag with a 301 code attribute attached, which is a permanent redirect. If we had

just used [R] without adding the code parameter, the code would have been a 302, which

is a temporary redirect. We want to use a permanent one so search engines know that the

old file does not exist anymore.

There is also a caret in front of old-filename.php and a dollar sign at the end. These are

regular expressions, and the caret tells us to the request must start with this, while the

dollar sign means it must end with this. We will talk more about flags and regular

expressions in an upcoming article.

The last thing we want to point out is the forward slash in front of new-filename.php. If we

were to specify the base path for rewriting, we would not need this, but since we did not,

we need to add it. If we wanted to drop it though, we would add the following directive after

we turn the rewrite engine on:

RewriteBase /1.

It just depends on what you find easier. The base for rewriting URLs will always be the

root of your website.

There is also another way to perform redirects without using mod_rewrite. We can use

mod_alias instead:


2 of 17 04/11/2008 02:00 PM

Redirect 301 /old-filename.php http://www.domain.com/new-filename.php1.

Redirect Permanent /old-filename.php http://www.domain.com/new-filename.php2.

Both lines of code work, but you only need to use one. We could also do a temporary

redirect:

Redirect /old-filename.php http://www.domain.com/new-filename.php1.

Redirect 302 /old-filename.php http://www.domain.com/new-filename.php2.

Redirect Temp /old-filename.php http://www.domain.com/new-filename.php3.

All three lines would work, but we only need to use one. If you don’t specify anything after

the Redirect, it will use the default temporary redirect (a 302), just like our redirect flag.

HTML to PHP

What if we recently converted our site to PHP, but all of the old filenames were using the

.html extension? It wouldn’t make sense to create a redirect rule for each file. So instead

we could do this:

RewriteRule ^(.*).html /$1.php [R=301,L]1.

Anytime a request for a file with the .html extension is made, it will be redirected to the

same file but with our new .php extension.

Of course, we could always change the way Apache handled HTML files, letting them act

like PHP files instead.

AddType application/x-httpd-php .php .html .htm1.

Remove File Extensions

But file extensions are so ugly! Maybe you want to give the illusion that your individual files

are actually directories:

RewriteRule ^(.*)/$ /$1.php [L]1.

So we could have a bunch of files in our root directory that looked like this:

http://www.domain.com/services.php1.

http://www.domain.com/products.php2.

http://www.domain.com/about.php3.


3 of 17 04/11/2008 02:00 PM

http://www.domain.com/links.php4.

http://www.domain.com/contact.php5.

And they could instead look like this:

http://www.domain.com/services/1.

http://www.domain.com/products/2.

http://www.domain.com/about/3.

http://www.domain.com/links/4.

http://www.domain.com/contact/5.

Add WWW To Domain

One of the first things you should decide when you create a new site, or at least early on, is

if you’re going to have the WWW in your domain or not. This is important not only

aesthetically, but for search engine optimization.

By forcing visitors and search engines to your preferred domain, you can guarantee that

you won’t end up with duplicate results or different page ranks for your domain with or

without the WWW. I personally think domains look naked without them, and there is a

reason why we use the WWW in the first place.

See, not everyone enters the WWW when they type in a domain. Some leave it out, while

others always type it in. If you’re familiar with the keyboard shortcuts built in to your

browser, simply typing the domain without the TLD extension (e.g. domain instead of

domain.com) and then holding CTRL + Enter will add the www. before the domain name,

and a .com after it (other keyboard shortcuts will use .org or .net).

You might have been to a site before and noticed that if you don’t type the WWW in, you get

an error page telling you that the page cannot be found. It all depends on how your host or

server administrator has decided to set this up, but usually your domain will work with or

without the WWW.

RewriteCond %{HTTP_HOST} ^domain.com$ [NC]1.

RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]2.

The first line is a rewrite condition that is looking at the current hostname, which can be

something like www.domain.com , domain.com , sub.domain.com , or an IP address.

The second part of this line is checking to see if the hostname does not have a WWW in

front of it, and if it does not find one, it moves to the second line, and redirects all requests


4 of 17 04/11/2008 02:00 PM

to the same domain with the WWW in front of it. If the WWW is already there, then this rule

is ignored because it would not meet the condition in the first line.

The NC flag at the end of the first line just means to ignore the case of what the request is,

so we could type in DoMain.com and it wouldn’t matter. The R=301 flag means we are going

to visually redirect the visitor to our domain with the WWW.

A 301 code is a permanent redirect, and that is important because it also tells search

engines that this isn’t a temporary thing (which is what a 302 code would be).

The L flag means this is the last rule to follow in this set. Any other rules or conditions after

this will not be factored into this rule.

Remove WWW From Domain

Others prefer to remove the WWW, and for this rule, we’re just doing the exact opposite of

the previous example.

RewriteCond %{HTTP_HOST} ^www.domain.com$ [NC]1.

RewriteRule ^(.*)$ http://domain.com/$1 [R=301,L]2.

Add Trailing Slash

The use of a trailing slash is also important to consider. By default, your web browser will

add a trailing slash to the end of a URL. It makes sense to have the trailing slash

too—except for files—because it means we’re in a directory.

RewriteCond %{REQUEST_FILENAME} !-f1.

RewriteCond %{REQUEST_URI} !(.*)/$2.

RewriteRule ^(.*)$ http://www.domain.com/$1/ [R=301,L]3.

The first line is a special variant that says if a file is requested and it exists, then we should

ignore this rule and not add a trailing slash to it. Remember, file names do not have a

trailing slash after them, but directories do.

The second line checks to see if a trailing slash already exists, and if it does, then it can

ignore this rule too because it does not need to add one.

The last line, of course, adds a trailing slash if the previous two conditions are not met,


5 of 17 04/11/2008 02:00 PM

and we are using the R and L flag here like we did in the previous two examples. You will

see both of these flags throughout our examples.

There are times when you do not want the trailing slash. For example, if you do a search

on the Crucial Domain Finder, you will notice that there is no trailing slash. Whatever is at

the end of the URL is the query that our script is looking at.

If you want to do something like this, we can specify which directories to not apply this rule

to.


RewriteCond %{REQUEST_URI} !directory/(.*)$2.



The second line is a new condition we have added to our rule. It is saying that if the

requested URL contains a directory named directory, that this directory, and everything

inside of it, should not receive a trailing slash.

Note: If your host has mod_dir enabled, make sure that you turn off the directory slash,

which is enabled by default. This directive will add a trailing slash at the end of a directory

regardless of the rules you set up. To disable this, add this to the top of your htaccess file:

DirectorySlash Off1.

Be careful when turning off the trailing slash. Please read the following:

Turning off the trailing slash redirect may result in an information disclosure.

Consider a situation where mod_autoindex is active (Options +Indexes) and

DirectoryIndex is set to a valid resource (say, index.html) and there’s no other

special handler defined for that URL. In this case a request with a trailing slash

would show the index.html file. But a request without trailing slash would list

the directory contents.

If you are adding a trailing slash to everything, then you don’t even need to use this rewrite

rule, but if you wanted to have a specific directory not receive a slash, you are going to want

to add this slash rule and then this directive.

Remove Trailing Slash


6 of 17 04/11/2008 02:00 PM

Just like with the WWW example, some prefer to remove the trailing slash. It’s a commonly

debated question that you’ll find around the Internet, but it just depends on what you prefer.

Remember though, your browser and even your server, by default, add a trailing slash to a

directory. It is done for a reason. If you must strip the trailing slash though, this is how you

would do it:


RewriteCond %{REQUEST_URI} !(.*)$2.


The explanation for this rule is the same as it is for when we want to add a trailing slash,

just in reverse. We can also specify specific directories that we don’t want apply this rule

to.


RewriteCond %{REQUEST_URI} !directory/(.*)$2.

RewriteCond %{REQUEST_URI} !(.*)$3.


Please see the note about mod_dir and the DirectorySlash directive in the previous

example. You might need to turn this directive off.

Remove Query String

If you’ve taken the time to convert your ugly URLs to pretty ones, you may not want people

typing in query strings. This rule will strip any query string attached to the end of a URL.

RewriteCond %{QUERY_STRING} .1.

RewriteRule ^(.*)$ http://www.domain.com/$1? [R=301,L]2.

The first line is checking to see if there is a query string. If it finds a query string, it removes

it.

Remove Trailing Question Mark

Sometimes a rogue question mark will remain at the end of your URL. It’s certainly not

pretty, and this rule will make sure you never see it again.

RewriteCond %{THE_REQUEST} \?\ HTTP [NC]1.


7 of 17 04/11/2008 02:00 PM

RewriteRule .? http://www.domain.com%{REQUEST_URI}? [R=301,L]2.

If you’re using the previous rule to remove the query string entirely, you will want to use this

rule after that one to remove the rogue question mark.

Remove Trailing Index File

With more sites and freely available PHP software using rewritten URLs, a lot of people

don’t like to have any files in their URL. With the index.php file being the most common, we

can strip this out of the URL. A common place for this is the very root of your website:

www.domain.com/index.php becomes www.domain.com

RewriteCond %{THE_REQUEST} \/index.php\ HTTP1.

RewriteRule (.*)index.php$ /$1 [R=301,L]2.

The first line is looking at the request, and if it finds index.php, it moves to the second line,

where it is stripped from the end. If you had other file extensions, like .html, we could add

those to the condition as well:

RewriteCond %{THE_REQUEST} \/index.(php|html)\ HTTP1.

RewriteRule (.*)index.(php|html)$ /$1 [R=301,L]2.

We just wrap the file extensions in parenthesis and separate them by a pipe.

Remove Index File From URL

You might have been to a website where the URL looks something like this:

http://www.domain.com/index.php/b log/my-first-article/

Blogs and CMS applications typically have an index file that handles all of the requests,

which is why you see this. It’s definitely worthless, and quite ugly. Not a problem though,

we can easily remove that.



8 of 17 04/11/2008 02:00 PM

RewriteCond %{REQUEST_FILENAME} !-d2.

RewriteRule ^(.*)$ /index.php/$1 [L]3.

We have seen the first special variant before, but the second one is checking to see if the

request contains a directory that exists. If neither of these conditions is met, we are going

to process all requests to our index.php file, but without showing it in the URL.

HTTP to HTTPS

This comes in handy if you have something like a secure order form or login area. On

Crucial, we have two areas where the HTTPS protocol is used, the client login area and

the order form.

We can make sure people are using the secure version for these sections with the

following rule. Just replace the word "directory" on the second line with the name of the

directory that needs to use the secure version.

RewriteCond %{HTTPS} !=on1.

RewriteRule ^directory$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]2.

HTTPS to HTTP

If visitors to your site are leaving a secure area and say, going back to other, non-secure

portions of your site, it’s a good idea to make sure that we go back to the standard HTTP

protocol.

On the second line, we would enter the name of the directory where we do not want to

send visitors to the non-secure version. It is most likely going to be the same as the

directory you entered in the previous example.

RewriteCond %{HTTPS} =on1.

RewriteCond %{REQUEST_URI} !^/directory2.

RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]3.

Deny Access To Htaccess


9 of 17 04/11/2008 02:00 PM

If you don’t want people looking at your .htaccess file, then this rule will take care of that.

<files .htaccess>1.

order allow,deny2.

deny from all3.

</files>4.

Enable Caching

It’s a good idea to cache files that hardly ever change. How long the caching lasts for is up

to you. If you change things up frequently, try an hour or two. In this example, we’re caching

media, JavaScript, and CSS files.

# 1 Hour = 36001.

# 1 Day = 432002.

# 1 Week = 6048003.

# 1 Month = 25920004.

# 1 Year = 290304005.

<filesMatch "\\.(flv|gif|jpg|jpeg|png|ico|swf|js|css)$">6.

Header set Cache-Control "max-age=2592000, public"7.

</filesMatch>8.

If you need to enter an expiration time that isn’t listed here, you can use Google to convert it

to seconds for you.

Disable Caching On Dynamic Pages

There are times when you want to disable caching completely, and you would typically do

this for dynamic pages that change a lot, like a blog article or forum post.

<filesMatch "\.(php|cgi)$">1.

Header set Cache-Control "max-age=0, private, no-store, no-cache, must-revalidate"2.

</filesMatch>3.

Example Htaccess File

Now that we’ve seen examples for individual rules, here is what your htaccess file might


10 of 17 04/11/2008 02:00 PM

look like:

Options +FollowSymLinks1.

2. RewriteEngine On3.

4. ##### Add WWW ###############################################5.

RewriteCond %{HTTP_HOST} ^domain.com$ [NC]6.


8. ##### Remove query string ###################################9.

RewriteCond %{QUERY_STRING} .10.

RewriteRule ^(.*)$ http://www.domain.com/$1? [L]11.

12. ##### Remove trailing question mark #########################13.

RewriteCond %{THE_REQUEST} \?\ HTTP [NC]14.

RewriteRule .? http://www.domain.com%{REQUEST_URI}? [R=301,L]15.

16. ##### Remove trailing index file ############################17.

RewriteCond %{THE_REQUEST} \/index.php\ HTTP [NC]18.

RewriteRule (.*)index.php$ /$1 [R=301,L]19.

20. ##### Add trailing slash ####################################21.




25. ##### Deny access to htaccess ###############################26.

<files .htaccess>27.

order allow,deny28.

deny from all29.

</files>30.

31. ##### Cache media files #####################################32.

<filesMatch "\\.(flv|gif|jpg|jpeg|png|ico|swf|js|css)$">33.

Header set Cache-Control "max-age=2592000, public"34.

</filesMatch>35.

36. ##### Don't cache dynamic pages #############################37.

<filesMatch "\.(php|cgi)$">38.

Header set Cache-Control "max-age=0, private, no-store, no-cache, must-revalidate"39.

</filesMatch>40.

How Do I…

If there’s something you don’t see on here but would like to know how to do, just leave a

comment and we’ll add it to the list.


11 of 17 04/11/2008 02:00 PM

Conclusion

There are so many other things you can do with your htaccess file. Most, if not all, of the

examples listed here should work with your host. For more information on rewriting, check

out the Apache documentation.

Stay Tuned!

Stay tuned for our upcoming article that will explain rewriting rules, conditions,

backreferences, flags, and regular expressions in much greater detail. You can subscribe

to our RSS feed in your favorite reader to be notified of new articles.

This entry was posted on Thursday , September 27, 2007, at 4:20 am, and is f iled under Apache, Htaccess,

Mod_Rewrite. You can f ollow any responses to this entry through the RSS 2.0 f eed. You can leav e a response, or

trackback f rom y our own site.

Subscribe Now

Subscribe to our blog by RSS or by email.

Related Posts

Magento Hosting1.

Ruby On Rails & FastCGI (fCGI) In OpenBSD2.

Split-Shared Technical Analysis3.

Magento Commerce Install Guide4.

Comments (22)

David Airey on 28 September 2007 said:

Superb, Kyle.

I don’t know much about .htaccess, and what I do know, doesn’t get me anywhere, so this

is great.

I need to sort mine out, as currently, I have a .co.uk domain, redirecting to the .com, but the


12 of 17 04/11/2008 02:00 PM

.co.uk/insert-page-here directs to the .com/index.php

Others have said that you shouldn’t direct anything to your index.php file, so I need to figure

that out.

Kyle on 28 September 2007 said:

Hey Dave,

Send me your htaccess via email and I’ll take a look. Let me know what you want

redirected to where. The next article we’re working on will explain this a lot more. I already

had to cut this article down by two pages so…

Anyways, the next article should give you a much better understanding of how rewrites

work.

If you’d like to see a specific example, just ask, we’ll add it up. Take care, looking forward

to your next article as well.

David Airey on 28 September 2007 said:

Nice one. Sent you an email, and thanks again.

Adrian on 01 October 2007 said:

Hi Kyle,

Thanks for the article, I’ve started to implement some of the stuff in it. However there is one

thing I can’t quite figure out from what you have put up. I have a load of directories ie /stuff

/articles/ that I would like to redirect to /stuff/articles.php, preferably invisibly. I’m probably

just being stupid, but I can’t work it out from your article. Any help would be much

appreciated.

Kyle on 01 October 2007 said:

Adrian,

Could you explain a bit more, I don’t think I’m understanding what you want. Are these

physical directories that need to direct to a filename that are the same name as the

directories?


Hi Kyle,

It turns out I was just being stupid yesterday. What I’ve done is to combine the remove file

extension with the add slashes. This now treats /articles.php as the index of /articles/ as

well as removing the extensions from the files in the articles directory. Thanks for the

article, my brain must have been turned off yesterday so I didn’t understand it properly.



13 of 17 04/11/2008 02:00 PM

Hi Kyle

I’ve found a small problem with the removing the extension code. If a file does not exist,

doesnotexist redirects to doesnotexist.php which redirects to doesnotexist.php.php which

redirects ad infinitum. I’ve tried stopping the above from happening with the lines:

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_URI} !(.*).php(.*)$

But these haven’t really had any effect. Any ideas?

AskApache on 16 October 2007 said:

Hey Kyle nice explanations and guide, I like your formatting.

The ultimate htaccess tutorial has been updated by the way.. check it out!

Kyle on 16 October 2007 said:

Hey Adrian,

I sort of figured people would be running into issues with the extension thing, and when I

wrote that section, I originally was going to tell people to only redirect for what you know

needs to be redirected, e.g. manually list each file and it’s counterpart instead of using

regex to handle everything.

How I personally would do this on a smaller site, would be to setup an individual rule for

each file. I’ll use the files I listed in that section as an example:

RewriteRule ^services/$ services.php [L]

RewriteRule ^products/$ products.php [L]

RewriteRule ^about/$ about.php [L]

RewriteRule ^links/$ links.php [L]

RewriteRule ^contact/$ contact.php [L]

That’s assuming you’re creating a fresh site and you weren’t originally using the *.php

extension. If you were, then just change [L] to [R=301,L]

I would have to look at how you would redirect to the 404 page if the PHP didn’t actually

exist, but I would still recommend typing in each one individually.

It also makes more sense that way because if you wanted to further add rules to a specific

page, let’s use the products.php page as an example, you could do this:

RewriteRule ^products/$ products.php

RewriteRule ^products/(.*)/$ products.php?id=$1 [QSA,L]

So your end result URL would come out as something like this:

domain.com/products/23/


14 of 17 04/11/2008 02:00 PM

And then your products.php page would have something as simple as:

<?

if($_GET['id']) {

// Grab product from DB

} else {

// Show all products

}

?>

Now, on a bigger site, I would, of course, use a framework to handle all of this so you

wouldn’t have to think about rewrite rules, either custom or something like CodeIgniter.

I’ll take a look though, and if I come up with something I will let you know, or if anyone

knows how to do that, by all means post

David Airey on 23 January 2008 said:

Hey Kyle,

I want to add www to my logodesignlove site, but when I enter the above code to my

.htaccess (pasted from Notepad) the rule won’t compute properly.

Like you, I also prefer to see web addresses with the www, and any help here would be

much appreciated.

Kyle on 23 January 2008 said:

David:

In WordPress, make sure that in the Options section, the WordPress address (URL) and

Blog address (URL) have the www in the URL.

David Airey on 23 January 2008 said:

That worked a treat Kyle.

Again, thank you.

kayol on 06 March 2008 said:

As a Web Hosting Provider we understand the importances of htaccess file to your

advantage and wish more of our clients used redirects correctly in they’re development

websites because the lost of backlinks can be hugh. If you do the redirects correctly in

htaccess you can keep your pang rank and better seo your website.

alex on 20 March 2008 said:

Very very good list, it is going to my bookmarks!

btw, I think you forgot one of the id’s in the list headings (#remove-trailing-index-file)

If you click it it doesn’t scroll down to the heading


15 of 17 04/11/2008 02:00 PM

ZTN on 21 March 2008 said:

Hey Kyle, great article.

How would I remove: ?page= from my URLs?

example:

http://mydomain.co.uk/?page=shop

Kyle on 21 March 2008 said:

ZTN

Are you trying to convert that to a “pretty URL” or is it a meaningless query string attached

to the end of the URL that needs to be removed completely?

Like, do you want it so when people go to:

yourdomain.com/shop/

…that it functions the same as:

yourdomain.com?page=shop

ZTN on 21 March 2008 said:

Hi Kyle, thanks for the reply.

Thats ideally what I would like, I’ve discovered some things won’t quite work, or I don’t

know how to make it work. We use Simple Machines Forum with TinyPortal.

Theres:

index.php?action=

index.php?page=

So:

http://mydomain.co.uk/index.php?action=calendar

http://mydomain.co.uk/index.php?page=shop

removing: /index.php/ doesn’t work from the examples above as it has no slash between

the .php and the ?.

removing the trailing http://…./index.php does work. I’ve tried various ways before posting

and I can’t get it working.

Regards

Chris


16 of 17 04/11/2008 02:00 PM

Trackbacks & Pingbacks

Getting stuff done — This and that1.

Creative resources 01 November 2007 :: David Airey :: Graphic and Logo Designer2.

The Genius Tech Blog » Blog Archive » .htaccess / mod_rewrite Tutorials3.

links for 2008-03-20 | Tom Arnold4.

Strip/Add the www from your URLs | Urbano's Blog5.

Helpful Hint

To post HTML or other code, wrap y our text in the <code> tag.

Copy right © 2006-2008 Crucial Web Hosting, Ltd. All Rights Reserv ed.

Split-Shared™ and other serv ice names are the trademarks of Crucial Web Hosting, Ltd.

Home · Domains · Hosting · Af f iliates · Company · Support · Whois · Crucial Cash · Crucial Blog · Policies · Login ·

Top


17 of 17 04/11/2008 02:00 PM

Documents

Htaccess, Apache, And Rewrites! Oh, My! Apache... · Home Blog Htaccess, Apache, And Rewrites! Oh, My! Htaccess, Apache, And Rewrites! Oh, My! As a web designer or developer, it is