Spellbook

What is mod_rewrite?

Mod_rewrite is a rewriting engine (based on regular-expressions) built into the apache webserver and it is used to rewrite urls dynamically. The URL manipulations can depend on various tests, of server variables, environment variables, HTTP headers, or time stamps. Even external database lookups in various formats can be used to achieve highly granular URL matching.

How to install it

Apache by default comes with the mod_rewrite module installed but it is not enabled. So if you have Apache installed on your own server, you will need to enable it.

If you need to install apache on your system, there are many free, easy install packages available:

Xamp - http://www.apachefriends.org/en/xampp.html
apache2triad - http://apache2triad.net/
apachePHPMysql - http://apachephpmysql.narhoz.ru/
EasyWebServer - http://e.w.s.free.fr/index_fr.php
FoxServ - http://sourceforge.net/projects/foxserv/

Setting it up

Once installed, mod_rewrite basically relies on one file for all it’s functionality. It’s called .htaccess. This file should be placed in the root directory of your website.

A simple Redirect

Place the following in a .htaccess file:

RewriteEngine on
RewriteRule ^test\.html$ test2.html

RewriteEngine on should always be placed at the beginning of all your .htaccess files.

Note: If you are using a hosting provider, you may have to place the following line in your file (under rewrite_engine on): RewriteBase /

Script details:

• ^ is used before a URL. If a relative URL is used, it starts in the same directory as the .htaccess file
• $ is used for the end of a string that will be matched.
• \ is used to escape the period, periods need the \ before them if they are not going to be part of the actual rule (in this case, it is part of the filename).

This script will redirect all access from test.html to test2.html. IE: if a user goes to http://www.yoursite.com/test.html, they will be automatically forwarded to http://www.yoursite.com/test2.html

Other interesting uses

A) Blocking a specific Ip addressing from accessing your website.

RewriteCond %{REMOTE_ADDR} ^(W\.X\.Y\.Z)$
RewriteRule ^/* http://www.yoursite.com/sorry.htm [L]

Replace w.x.y.z with the IP you would like to block and http://www.yoursite.com/sorry.htm with the redirected URL.

B) Block/redirect a site that is linking to you

RewriteCond %{HTTP_REFERER} ^http://www\.blockedsite\.com [NC]
RewriteRule ^/* http://www.yoursite.com/sorry.htm [L]

Replace http://www.blockedsite.com/ with site you do not want linking to you, and http://www.yoursite.com/sorry.htm with the redirected URL.

C) preventing people from linking to your images

RewriteCond %{HTTP_REFERER} !^http://(www\.)?yoursite\.com [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} ^http://.*$
RewriteRule \.(png |gif | bmp | jpe?g|)$ /images/stopstealing.png [L]

Replace http://www.blockedsite.com/ your site, and /images/stopstealing.png with an image path of choice.

Full Apache Docs: http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html

By Justin Silverton

Via whenpenguinsattack.com

1. mod_rewrite - Allows you to match url patterns with regular expressions, and do a transparent redirect, or apply a HTTP status code response.
2. mod_deflate - allows you to compress content before sending it to the browser using gzip compression. Browsers have supported the ability to automatically decompress the content for you. It saves lots of bandwidth (sometimes up to 70%), and decreases page download times.
3. mod_security - a module that lets you block content based on form post data, urls, pretty much anything in the request.
4. mod_speling - this module performs spell checking on a url. If your moving from windows to unix (case sensitive) this can save you a lot of time fixing case problems.
5. mod_cache - a content cache keyed to URIs. You can cache in memory, or to disk.
6. mod_setenvif - allows you to handle different environment variables, can be used to block email harvesters, referer spam, etc.
7. mod_auth* - You can authenticate against pretty much any repository you can think of with one of the mod_auth modules, eg mod_auth_mysql, mod_auth_ldap
8. mod_ssl - HTTPS support for Apache.
9. mod_proxy - Turns Apache in to a Forward or Reverse proxy server.
10. mod_benchmark - stores benchmark info and provides charts.

What are your favorite apache modules?

1. Set up an error document in your .htaccess file that redirects every single 404 to a file called maybe redirection.php
2. Add a wildcard DNS record in your zone files, so that [whateverhere].yourdomain.com points to the domain IP.
3. Add a wildcard serveralias in your apache configs by using:
   ServerAlias *.yourdomain.com
4. Write the following code in your redirection.php file

So when someone enters a subdomain, let’s say myself.yourdomain.com they get redirected to yourdomain.com/myself.

You can use mod_rewrite. You’d create an .htaccess with the following content

RewriteEngine On

# Http to https
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L] 

This should redirect ALL your http traffic to https. This does require that you have mod_rewrite installed. You also may want to hardcode your site url where %{HTTP_HOST} is incase HTTP_HOST is empty in the headers.

To enable php error reporting on a server that does not have it registered by default, create an .htaccess file in your working directory with the following contents:

php_flag display_errors on

That’s it! Now, your domain will report all php errors even IF the server your working on doesn’t report them by default.