Skip to content
RealinfoSec.net

RealinfoSec.net

InfoSec News, Cybersecurity Awareness

  • Home
  • InfoSec News
    • Data Breach News
    • Latest Vulnerabilities
  • What Is InfoSec
  • CyberSecurity Newsletter
  • Cyber Academy
  • Cyber Help Desk
  • Cyber Knowledge Base
  • Contact Us
    • Contribute
  • My Bookmarks
  • Subscribers
    • Knowledge Quizzes
    • Register
  • Login
    • Password Reset
  • Register
  • Privacy Policy
    • Legal
  • Toggle search form
apache htaccess

USING .HTACCESS REWRITE RULES

Posted on 25 November 202031 December 2021 By RiSec.Mitch No Comments on USING .HTACCESS REWRITE RULES

How to use .htaccess to rewrite rules

OVERVIEW

The Apache module mod_rewrite allows you to rewrite URL requests that come into your server and is based on a regular-expression parser. The examples presented here show how to:

Direct requests for one subdirectory to a different subdirectory or the primary directory (document root)
Example: http://example.com/folder1/ becomes http://example.com/folder2/ or just http://example.com/.

Direct requests to a subdirectory
Example: http://example.com/file.html becomes http://example.com/folder1/file.html.

Add www to every request
Example: http://example.com becomes http://www.example.com. Or, convert http:// to https://.

Convert URL to all lowercase using Rewrite Map
Example: YourDomaIn.com/recIpeS.html becomes yourdomain.com/recipes
This will help prevent typos from producing http errors. 

mod_rewrite

When implemented correctly, mod_rewrite is very powerful. There are many other applications for mod_rewrite that you can learn about at apache.org. Please reference their website for other possible rewrite scenarios.

These examples are provided as a courtesy – (mt) Media Temple does not design custom rewrite rules for individual customer websites.

READ ME FIRST

Advanced Support can help!

If you’re having trouble with the steps in this article, additional assistance is available via our free Support, our dedicated team of infosec specialists. For more information on what we can do for you, please click here.

Requirements

Before you start, please have handy:

  • FTP user credentials

INSTRUCTIONS

  1. Create a plain text .htaccess file (click the link for details on this type of file), or add the lines from the example to the top of your existing .htaccess file.
  2. Add the lines from the appropriate example to your file. Note that you should replace example text with your own information. Replace example.com with your own domain, folder1 with your own folder name, file.html with your own file name, etc. Save your changes.
  3. Use  or  to upload the file to the document root of the appropriate domain. If your domain is example.com, you should upload the file to:
    • /var/www/vhosts/example.com/httpdocs/

That’s it! Once you’ve uploaded the file, the rewrite rule should take effect immediately.

Some Content Management Systems (CMSs), like WordPress for example, overwrite .htaccess files with their own settings. In that case, you may need to figure out a way to do your rewrite from within the CMS.

Direct requests for one subdirectory to a different subdirectory or the document root

http://example.com/folder1/ becomes http://example.com/folder2/ or just http://example.com/.

domains/example.com/html/folder2/ must exist and have content in it for this to work..htaccess

This .htaccess file will redirect http://example.com/folder1/ to http://example.com/folder2/. Choose this version if you don’t have the same file structure in both directories:

Filename: .htaccess

Options +FollowSymLinks
RewriteEngine On
RewriteRule ^folder1.*$ http://example.com/folder2/ [R=301,L]
  • This .htaccess file will redirect http://example.com/folder1/ to plain http://example.com/. Choose this version if you want people redirected to your home page, not whatever individual page in the old folder they originally requested:

Filename: .htaccess.

Options +FollowSymLinks
RewriteEngine On
RewriteRule ^folder1.*$ http://example.com/ [R=301,L]
  • This .htaccess file will redirect http://example.com/folder1/file.html to http://example.com/folder2/file.html. Choose this version if your content is duplicated in both directories:

File name: .htaccess

Options +FollowSymLinks
RewriteEngine On
RewriteRule ^folder1/(.*)$ http://gs.mt-example.com/folder2/$1 [R=301,L]

Test

Upload this file to folder2 (if you followed the first or third example) or your html folder (if you followed the second example) with FTP:

Recommended:  Footprinting Firewalls | Reconnaissance Tutorial [FREE COURSE CONTENT]

Filename: index.html

<html>
<body>
Mod_rewrite is working!
</body>
</html>

Then, if you followed the first or second example, visit http://example.com/folder1/ in your browser. You should see the URL change to http://example.com/folder2/ or http://example.com/ and the test page content.

If you followed the third example, visit http://example.com/folder1/index.html. You should be redirected to http://example.com/folder2/index.html and see the test page content.

Code explanation

  • Options +FollowSymLinks is an Apache directive, prerequisite for mod_rewrite.
  • RewriteEngine On enables mod_rewrite.
  • RewriteRule defines a particular rule.
  • The first string of characters after RewriteRule defines what the original URL looks like. There’s a more detailed explanation of the special characters at the end of this article.
  • The second string after RewriteRule defines the new URL. This is in relation to the document root (html) directory. / means the html directory itself, and subfolders can also be specified.
    • $1 at the end matches the part in parentheses () from the first string. Basically, this makes sure that sub-pages get redirected to the same sub-page and not the main page. Leave it out to redirect to the main page. (It is left out in the first two examples for this reason. If you don’t have the same content in the new directory that you had in the old directory, leave this out.)
  • [R=301,L] – this performs a 301 redirect and also stops any later rewrite rules from affecting this URL (a good idea to add after the last rule). It’s on the same line as RewriteRule, at the end.

DIRECT REQUESTS TO A SUBDIRECTORY

http://example.com/file.html becomes http://example.com/folder1/file.html.

Note: The directory folder1 must be unique in the URL. It won’t work for http://example.com/folder1/folder1.html. The directory folder1 must exist and have content in it.

.HTACCESS

  • This .htaccess file will redirect http://example.com/file.html to http://example.com/folder1/file.html:

Filename: .htaccess

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} example.com$ [NC]
RewriteCond %{HTTP_HOST} !folder1
RewriteRule ^(.*)$ http://example.com/folder1/$1 [R=301,L]

Test

Upload this file to folder1 with FTP:

Filename: index.html

<html>
<body>
Mod_rewrite is working!
</body>
</html>

Then, visit http://example.com/ in your browser. You should see the URL change to http://example.com/folder1/ and the test page content.Code explanation

  • Options +FollowSymLinks is an Apache directive, prerequisite for mod_rewrite.
  • RewriteEngine On enables mod_rewrite.
  • RewriteCond %{HTTP_HOST} shows which URLs we do and don’t want to run through the rewrite.
    • In this case, we want to match example.com.
    • ! means “not.” We don’t want to rewrite a URL that already includes folder1, because then it would keep getting folder1 added, and it would become an infinitely long URL.
  • [NC] matches both upper- and lower-case versions of the URL.
  • RewriteRule defines a particular rule.
  • The first string of characters after RewriteRule defines what the original URL looks like. There’s a more detailed explanation of the special characters at the end of this article.
  • The second string after RewriteRule defines the new URL. This is in relation to the document root (html) directory. / means the html directory itself, and subfolders can also be specified.
    • $1 at the end matches the part in parentheses () from the first string. Basically, this makes sure that sub-pages get redirected to the same sub-page and not the main page. Leave it out to redirect to the main page of the subdirectory.
  • [R=301,L] – this performs a 301 redirect and also stops any later rewrite rules from affecting this URL (a good idea to add after the last rule). It’s on the same line as RewriteRule, at the end.
Recommended:  2020 A Beginner’s Guide to .htaccess for Designers and Developers

ADD WWW OR HTTPS

http://example.com becomes http://www.example.com. Or, http://example.com becomes https://example.com..htaccess

  • This .htaccess file will redirect http://example.com/ to http://www.example.com/. It will also work if an individual file is requested, such as http://example.com/file.html:

Filename:.htaccess

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
  • This .htaccess file will redirect http://example.com/ to https://example.com/. It will also work if an individual file is requested, such as http://example.com/file.html:

Filename: .htaccess

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

Test

Visit http://example.com in your browser. You should see that the same page is displayed, but the URL has changed to http://www.example.com (first example) or https://example.com (second example).

Also, http://example.com/file.html will become http://www.example.com/file.html or https://example.com/file.html.Code explanation

  • Options +FollowSymLinks is an Apache directive, prerequisite for mod_rewrite.
  • RewriteEngine On enables mod_rewrite.
  • RewriteCond %{HTTP_HOST} shows which URLs we do and don’t want to run through the rewrite.
    • In this case, we want to match anything that starts with example.com.
  • [NC] matches both upper- and lower-case versions of the URL.
  • RewriteRule defines a particular rule.
  • The first string of characters after RewriteRule defines what the original URL looks like. There’s a more detailed explanation of the special characters at the end of this article.
  • The second string after RewriteRule defines the new URL. This is in relation to the document root (html) directory. / means the html directory itself, and subfolders can also be specified.
    • $1 at the end matches the part in parentheses () from the first string. Basically, this makes sure that sub-pages get redirected to the same sub-page and not the main page.
  • [R=301,L] – this performs a 301 redirect and also stops any later rewrite rules from affecting this URL (a good idea to add after the last rule). It’s on the same line as RewriteRule, at the end.

CONVERT URL TO ALL LOWERCASE USING REWRITE MAP

This .htaccess rule will make sure that all characters entered into a url are converted to lowercase. This helps prevents errors caused by typos.

www.examPLe.com/recIPes becomes www.example.com/recipes 

Note: Because this rule requires an edit to a server level configuration file, Grid and Managed WordPress users will not be able to implement this rule. 

In order for this to work properly, you must also add a directive to your vhost file (httpd.conf):

<IfModule mod_rewrite.c>
        RewriteMap lc int:tolower
</IfModule>
  •  For Plesk: Navigate to Domains > example.com > Web Hosting Settings > Additional Apache Directives, and place the above code. 

Next, open your .htaccess and add the following lines:

RewriteEngine On 
RewriteCond %{REQUEST_URI} [A-Z] 
RewriteRule . ${lc:%{REQUEST_URI}} [R=301,L]

Note: Instead of using RewriteMap to convert URLs to lowercase, it is recommended by Apache that mod_spelling be used to ignore case sensitivities. 

Test

Navigate to your domain using a combination of uppercase and lowercase letters.

 Code Explanation

  • RewriteEngine On enables mod_rewrite.
  • RewriteCond %{REQUEST_URI} [A-Z] – Grabs the entered address.
  • RewriteRule . ${lc:%{REQUEST_URI}} – Uses the ‘lc’ variable that was added to the vhost file to convert all characters to lowercase. 
  • [R=301,L] – Performs a 301 redirect and also stops any later rewrite rules from affecting this URL (a good idea to add after the last rule). It’s on the same line as RewriteRule, at the end.
Recommended:  GOOGLE TRANSLATE API HACKING

Regular expressions

Rewrite rules often contain symbols that make a regular expression (regex). This is how the server knows exactly how you want your URL changed. However, regular expressions can be tricky to decipher at first glance. Here’s some common elements you will see in your rewrite rules, along with some specific examples.

  • ^ begins the line to match.
  • $ ends the line to match.
    • So, ^folder1$ matches folder1 exactly.
  • . stands for “any non-whitespace character” (example: a, B, 3).
  • * means that the previous character can be matched zero or more times.
    • So, ^uploads.*$ matches uploads2009, uploads2010, etc.
    • ^.*$ means “match anything and everything.” This is useful if you don’t know what your users might type for the URL.
  • () designates which portion to preserve for use again in the $1 variable in the second string. This is useful for handling requests for particular files that should be the same in the old and new versions of the URL.

See more regular expressions at perl.org.

TROUBLESHOOTING

404 NOT FOUND

Examine the new URL in your browser closely. Does it match a file that exists on the server in the new location specified by the rewrite rule? You may have to make your rewrite rule more broad (you may be able to remove the $1 from the second string). This will direct rewrites to the main index page given in the second string. Or, you may need to copy files from your old location to the new location.

If the URL is just plain wrong (like http://example.com/folder1//file.html – note the two /s) you will need to re-examine your syntax. (mt) Media Temple does not support syntax troubleshooting.

INFINITE URL, TIMEOUT, REDIRECT LOOP

If you notice that your URL is ridiculously long, that your page never loads, or that your browser gives you an error message about redirecting, you likely have conflicting redirects in place.

You should check your entire .htaccess file for rewrite rules that might match other rewrite rules. You may also need to check .htaccess files in subdirectories. Note that FTP will not show .htaccess files unless you have enabled the option to view hidden files and folders. See our .htaccess article for details.

Also, it’s possible to include redirects inside HTML and PHP pages. Check the page you were testing for its own redirects.

Adding [L] after a rewrite rule can help in some cases, because that tells the server to stop trying to rewrite a URL after it has applied that rule.

Bookmark

Please login to bookmark

Social Comments Box
  • About
  • Latest Posts
RiSec.Mitch
Just your average information security researcher from Delaware US.
Latest posts by RiSec.Mitch (see all)
  • Google Open-Source Vulnerability Scanning Tool - 18 January 2023
  • Polymorphic Malware Produced by ChatGPT - 18 January 2023
  • Russian Hackers Repurpose Decade-Old Malware Infrastructure to Deploy New Backdoors - 8 January 2023
Share the word, let's increase Cybersecurity Awareness as we know it

No related articles.

Cybersecurity Academy Tags:.htaccess howto, how to rewrite htaccess, how to use htaccess, htaccess rewrite howto, htaccess rules rewrite, rewrite .htaccess

Post navigation

Previous Post: 2020 A Beginner’s Guide to .htaccess for Designers and Developers
Next Post: SyncBreeze 10.0.28 – (password) Remote Buffer Overflow Exploit

Related Posts

Hacked Websites Threat Report 2021 Hacked Websites Threat Report 2021 Cybersecurity Academy
google2 GOOGLE TRANSLATE API HACKING Cybersecurity Academy
typical popup scam Scam Baiting (Scum-baiting) with a Windows 10 Host using Oracle’s vBox Cybersecurity Academy
Credential Stuffing What is credential stuffing? And how to prevent it? Cybersecurity Academy
What Is Privilege Escalation Attack What Is Privilege Escalation Attack? How To Prevent It? Cybersecurity Academy
cybersecurity news TOP 10 Most Dangerous logins most regularly found for sale online Cybersecurity Academy

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

RiSec Captcha − 1 = 6

AbuseIPDB Contributor Badge

Follow Our Socials:

Latest InfoSec News

Data Breach News InfoSec News

JD Sports: Cyber Attack affects 10 million customers

RiSec.n0tst3
30 January 2023 0
what is infosec
Cybersecurity Academy

InfoSec – A Newbie Guide – InfoSecurity

RiSec.n0tst3
25 January 2023 0
google
Cybersecurity Academy How to

Google Open-Source Vulnerability Scanning Tool

RiSec.Mitch
18 January 2023 0
InfoSec News

Polymorphic Malware Produced by ChatGPT

RiSec.Mitch
18 January 2023 0
russia
InfoSec News

Russian Hackers Repurpose Decade-Old Malware Infrastructure to Deploy New Backdoors

RiSec.Mitch
8 January 2023 0
latest cybersecurity news
InfoSec News

Dridex Banking Malware Targets MacOS users with a new delivery method

RiSec.Mitch
8 January 2023 0
ransomware
InfoSec News

Microsoft Discloses Methods Employed by 4 Ransomware Families Aiming at macOS

RiSec.Mitch
8 January 2023 0
InfoSec News

$8 billion in cryptocurrency withdrawals strike US bank Silvergate

RiSec.Mitch
8 January 2023 0

Featured Posts

cve-2022-38970
Data Security Featured How to InfoSec News Vulnerabilities

ieGeek Security Vulnerabilities still prevalent in 2022 IG20

RiSec.n0tst3
28 August 2022 6
Data Security Featured InfoSec News

Hacking Campaign Steals 10,000 Login Credentials From 130 Different Organizations

RiSec.n0tst3
27 August 2022 0
DDoS
Featured InfoSec News

Google mitigates largest DDoS Attack in History – Peaked at 46 Million RPS

RiSec.n0tst3
19 August 2022 1
Security researcher contacted me
Cybersecurity Academy Featured How to

A Security Researcher Contacted Me – What should I do?

RiSec.n0tst3
30 June 2022 0
google chrome
Featured InfoSec News

Google Chrome extensions can be easily fingerprinted to track you online

RiSec.n0tst3
19 June 2022 0
MFA
Cybersecurity Academy Data Security Featured

3 Steps To Better Account Security

RiSec.n0tst3
21 February 2022 0
hardening vps security
Cybersecurity Academy Featured

HARDEN YOUR VPS: Steps to Hardening your VPS Security

RiSec.n0tst3
10 January 2022 2

Share the joy

Copyright © 2022 RealinfoSec.net. CyberSecurity News & Awareness. All Trademarks, Logos And Brand Names Are The Property Of Their Respective Owners

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of the cookies. Cookie & Privacy Policy
Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT
en English
af Afrikaanssq Albanianam Amharicar Arabichy Armenianaz Azerbaijanieu Basquebe Belarusianbn Bengalibs Bosnianbg Bulgarianca Catalanceb Cebuanony Chichewazh-CN Chinese (Simplified)zh-TW Chinese (Traditional)co Corsicanhr Croatiancs Czechda Danishnl Dutchen Englisheo Esperantoet Estoniantl Filipinofi Finnishfr Frenchfy Frisiangl Galicianka Georgiande Germanel Greekgu Gujaratiht Haitian Creoleha Hausahaw Hawaiianiw Hebrewhi Hindihmn Hmonghu Hungarianis Icelandicig Igboid Indonesianga Irishit Italianja Japanesejw Javanesekn Kannadakk Kazakhkm Khmerko Koreanku Kurdish (Kurmanji)ky Kyrgyzlo Laola Latinlv Latvianlt Lithuanianlb Luxembourgishmk Macedonianmg Malagasyms Malayml Malayalammt Maltesemi Maorimr Marathimn Mongolianmy Myanmar (Burmese)ne Nepalino Norwegianps Pashtofa Persianpl Polishpt Portuguesepa Punjabiro Romanianru Russiansm Samoangd Scottish Gaelicsr Serbianst Sesothosn Shonasd Sindhisi Sinhalask Slovaksl Slovenianso Somalies Spanishsu Sudanesesw Swahilisv Swedishtg Tajikta Tamilte Teluguth Thaitr Turkishuk Ukrainianur Urduuz Uzbekvi Vietnamesecy Welshxh Xhosayi Yiddishyo Yorubazu Zulu