For the holidays, I decided to gift readers with a series of some useful but fun posts titled “.htaccess redirection fun with mod_rewrite“. The series is dedicated to the fun you can have with Apache redirection while keeping tight security of your website. Though not for the faint of heart, one can have fun toying around with .htaccess and mod_rewrite declarations. Up front, folks, this is probably NSFW if you are an IT administrator at any kind of corporate or academic enterprise. And messing around in this area of your website can crash your website, lock you out, or make it open to rogues.
This project arose from one of my favorite WordPress plugins, which started as iThemes Security, now Solid Security from SolidWP. Their extensive use of .htaccess programming gave me some ideas (Why is your fly open to the world?). Perusal of the access log gave me other fun .htaccess redirection ideas.
Before we continue, because I don’t want to waste your time, comes the first rub. Do you have root? Stop here if you don’t have root on your server. You will not be able to use .htaccess redirection if you don’t have root. Root is necessary to enable mod_rewrite.
.htaccess
.htaccess is a text configuration file at the document root of your website. Usually found in /var/www/html on default Apache server installations. .htaccess may also reside in other areas of your website. The file contains access and redirection declarations and applies to the folder where it resides and subsequent folders.
There are several very good online documents that describe it’s syntax. For example, popular official documentation is at:
https://httpd.apache.org/docs/current/howto/htaccess.html
mod_rewrite
However, we don’t get to the true fun till we enable mod_rewrite on our server. mod_rewrite is a module that usually resides at /etc/apache2/mods-available on the server. To enable, one uses the command ‘sudo a2enmod mod_rewrite’. I would also recommend a server restart. In like fashion, to disable, one uses the opposite command, ‘sudo a2dismod mod_rewrite’.
What mod_rewrite allows is
By default, mod_rewrite maps a URL to a filesystem path. However, it can also be used to redirect one URL to another URL, or to invoke an internal proxy fetch. mod_rewrite provides a flexible and powerful way to manipulate URLs using an unlimited number of rules.
Apache Software Foundation.
It is important to realize that the documentation for mod_rewrite is extensive. As shown above, official documentation is at:
https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html
https://httpd.apache.org/docs/2.4/rewrite/flags.html
Equally important, unofficial documentation that I’ve found useful is at:
https://www.askapache.com/htaccess/modrewrite-tips-tricks/
https://corz.org/server/tricks/htaccess2.php
mod_rewrite is a beast, with unforgiving syntax. There is no room for error, so test when possible before placing the server live on the web after changes. At any rate, you can have lots of fun in this process while monitoring the logs. Lets look at some fun examples: