"100+ Auto-Installing Software Titles For Your Web Site"
Module mod_rewrite Tutorial (Part 1):
The Apache Server Power Commander
Dirk Brockhausen

You may have encountered the name "mod_rewrite" before
when surfing the web. For all of our readers who are
not intimately familiar with this nifty Apache Web
Server module - and, of course, for those who don't
know it all - we are presenting this small
introductory tutorial as a multipart serial.

Module mod_rewrite is a package of program routines
which can be added to the Apache Web Server.
(Note that it will not run under other web servers!)

Its primary function is the manipulation of URLs.
The module is very versatile as we are going to
illustrate here with a number of real world examples.

However, be very careful and meticulous when working
with it! Some mistakes you might be liable to make
could generate a logical loop, causing a never-ceasing
100% CPU load.

To steer clear from this, we will start off with some
very simple examples.

Before we can get going, however, you will have to
check whether the module is installed on your web
server at all.

There are several ways to go about this:

1. Ask your system administrator - provided he or she
knows. They really should, but unfortunately some
plain do not ...
Take care, though: if you are sharing your host
server with hundreds of other domains, your inquiry
might rouse some sleeping dogs, as usage of
mod_rewrite will always entail some increased CPU

2. Check your Apache configuration file if you can
access it. One possible standard path might be:
However, your mileage may obviously vary.

3. Check it out with one of the following examples.
If it works fine, mod_rewrite is indeed installed
on your system. If it isn't, you will get the
following message when calling any web page of your
choice: "Internal Server Error"

Also, you will see this entry in file "error.log":
"Invalid command 'RewriteEngine', perhaps mis-spelled
or defined by a module not included in the server

If your site generates heavy traffic, this method
is not recommended, as every visitor will receive
this very same error message during your test.

So now let's dig into our first practical example!

We will assume that you will be using mod_rewrite
only for your own web site, i.e. not as a generalized
cross server setup.

To effect this, some entries in file .htaccess are

The .htaccess File
For this technique to work, you will need to upload
a file named ".htaccess" (please note the period/dot
at the beginning of the file name!) to your server
This can be done via telnet or ftp.
(Warning! .htaccess should only be uploaded in "ASCII
mode", i.e. not in binary mode!)

If you already have a ".htaccess" file, for example
one with the following entries:

Options Includes +ExecCGI
AddType text/x-server-parsed-html .html

simply add our code sample to it.

please edit in ASCII or plain text
editor like Notepad etc.

The first two entries will start the module:

RewriteEngine on
Options +FollowSymlinks

Tip: Entry "RewriteEngine off" will override all
subsequent commands. This is a very useful feature:
instead of having to comment out all subsequent
lines, all you need to do is set an "off".

If your system administrator does not allow for
implementation of "Options +FollowSymlinks", you will
not be able to restrict usage of mod_rewrite to
your directories but will instead have to apply it
server wide.

The next required entry is this:

RewriteBase /

"/" stands for the base URL. Should you have another
one, you will want to include it. However, "/" is
normally the entry for "http://www.YourDomain.com".

And now to the entries proper!

Let us assume that you want to block unauthorized
access to your file .htaccess. On some servers
you can easily read this file simply by entering a URL
of the following format in your browser's address
field: http://www.domain.com/.htaccess - a serious
security gap, as your .htaccess file's contents may
reveal more about your site's setup to the educated
eye than you may want others to know.

To block this access, enter the following:

RewriteRule ^\.htaccess$ - [F]

This rule translates to:

If someone tries to access file .htaccess, system
shall generate error code "HTTP response of 403".

The file name ^\.htaccess$ is contained in a regular
expression, to wit:

^    Start of line anchor
$    End of line anchor
\.   In regular expressions the dot "." denotes a
     meta character and must be protected by a
     backslash (\) if you want an actual dot (period)

The file name must be located exactly between start
and end of line anchor. This will ensure that only
this specific file name and no other will generate
the error code.

[F] : special flag "forbidden".

In this example, the complete ".htaccess" file will
now consist of these lines:

RewriteEngine on
Options +FollowSymlinks
RewriteBase /
RewriteRule ^\.htaccess$ - [F]

If we add our code to a pre-existing ".htaccess" file,
we might, for example, get the following entries:

Options Includes +ExecCGI
AddType text/x-server-parsed-html .html
RewriteEngine on
Options +FollowSymlinks
RewriteBase /
RewriteRule ^\.htaccess$ - [F]

This introduction covers the basics required to
operate with mod_rewrite.

In the second part of this tutorial we will explain
the use of conditions in configuring the module.

You may check up general documentation here:
Module mod_rewrite URL Rewriting Engine:

A Users Guide to URL Rewriting with the
Apache Webserver:

(to be continued ...)


[Main text: 904 words/5933 characters]
This text may freely be republished or distributed
provided the following resource box is included intact
either at the beginning or the end of the article and
a complimentary copy or notice (link) is sent to the
author at the address specified below:

Dirk Brockhausen is the co-founder and principal of
fantomaster.com Ltd. (UK) and fantomaster.com GmbH
(Belgium), a company specializing in webmasters
software development, industrial-strength cloaking and
search engine positioning services. He holds a
doctorate in physics and has worked as an SAP
consultant and software developer since 1994. He is
also Technical Editor of fantomNews, a free newsletter
focusing on search engine optimization, available at:
< http://fantomaster.com/fantomnews-sub.html >
You can contact him at
mailto:[email protected]
(c) copyright 2000 by fantomaster.com

[ Back ] [ Main Menu ]

Download Fuse Node.js Compiler