MOD_REWRITE is a versitile and some what complex utility which can be extremely useful for directing traffic on a web server. It is a real good idea to be well versed in regex for this one.
The basic principal is to create a condition to apply a rule. If a condition or all conditions match the rule is applied.
CREATED2017-06-11 15:31:48.0
00-29-F1
UPDATED2017-06-11 15:31:53.0
Rewrite Condition
RewriteCond %{REQUEST_URI}^phpmyadmin$ [NC]
Rewrite Condition - The condition to apply the rule. The condition is made up of three parts:
Test String or Input
Condition - what to match against
Flags
Example: to deny anyone looking for phpmyadmin, which is a fairly common thing for hackers to do, a condition may look like this...
This condition will match the request of phpmyadmin and in-turn apply a rule, depending on other conditions (if any). The [NC] at the end is a flag for No Case i.e. makes the condition case insensitive.
CREATED2017-04-20 01:07:17.0
00-29-A7
UPDATED2017-06-11 15:31:52.0
Rewrite Rule
RewriteRule ^- [F,L]
When the conditions match in whole or in part (depending on the flags) the rule is applied. The rule is broken down into three parameters:
Pattern - the pattern to match
Substitution - what to change the pattern to
Flags - what to do when the rule is used - Flags are optional
This rule will basically do nothing but send the requester to a 403 - Forbidden error page. The Flags indicate Forbidden and Last.
CREATED2017-04-20 01:13:06.0
00-29-AC
UPDATED2017-06-11 15:07:28.0
Rewrite Flags
The flags determine the behavior of a condition or rule. For example all conditions are ANDed together which means they all must apply or match for the rule to engage. However the OR flag can change that.
This is a list of mod_rewrite flags. Each is a link that goes directly to the apache documentation. Note: these docs are for version 2.4.
Variables available to MOD_Rewrite conditions and rules:
API_VERSION
AUTH_TYPE
CONTENT_LENGTH
CONTENT_TYPE
DOCUMENT_ROOT
GATEWAY_INTERFACE
IS_SUBREQ
ORIG_PATH_INFO
ORIG_PATH_TRANSLATED
ORIG_SCRIPT_FILENAME
ORIG_SCRIPT_NAME
PATH
PATH_INFO
PHP_SELF
QUERY_STRING
REDIRECT_QUERY_STRING
REDIRECT_REMOTE_USER
REDIRECT_STATUS
REDIRECT_URL
REMOTE_ADDR
REMOTE_HOST
REMOTE_IDENT
REMOTE_PORT
REMOTE_USER
REQUEST_FILENAME
REQUEST_METHOD
REQUEST_TIME
REQUEST_URI
SCRIPT_FILENAME
SCRIPT_GROUP
SCRIPT_NAME
SCRIPT_URI
SCRIPT_URL
SCRIPT_USER
SERVER_ADDR
SERVER_ADMIN
SERVER_NAME
SERVER_PORT
SERVER_PROTOCOL
SERVER_SIGNATURE
SERVER_SOFTWARE
THE_REQUEST
TIME
TIME_DAY
TIME_HOUR
TIME_MIN
TIME_MON
TIME_SEC
TIME_WDAY
TIME_YEAR
TZ
UNIQUE_ID
CREATED2019-01-15 21:24:05.0
007-00-00-B8
UPDATED2020-08-20 12:56:42.0
HTTP Variables
HTTP_ACCEPT
HTTP_ACCEPT_CHARSET
HTTP_ACCEPT_ENCODING
HTTP_ACCEPT_LANGUAGE
HTTP_CACHE_CONTROL
HTTP_CONNECTION
HTTP_COOKIE
HTTP_FORWARDED
HTTP_HOST
HTTP_KEEP_ALIVE
HTTP_PROXY_CONNECTION
HTTP_REFERER
HTTP_USER_AGENT
CREATED2019-01-15 21:29:48.0
007-00-00-B9
UPDATED2020-08-20 12:56:46.0
HTTPS Variables
SSL_CIPHER
SSL_CIPHER_ALGKEYSIZE
SSL_CIPHER_EXPORT
SSL_CIPHER_USEKEYSIZE
SSL_CLIENT_VERIFY
SSL_PROTOCOL
SSL_SERVER_A_KEY
SSL_SERVER_A_SIG
SSL_SERVER_CERT
SSL_SERVER_I_DN
SSL_SERVER_I_DN_C
SSL_SERVER_I_DN_CN
SSL_SERVER_I_DN_L
SSL_SERVER_I_DN_O
SSL_SERVER_I_DN_OU
SSL_SERVER_I_DN_ST
SSL_SERVER_M_SERIAL
SSL_SERVER_M_VERSION
SSL_SERVER_S_DN
SSL_SERVER_S_DN_CN
SSL_SERVER_S_DN_O
SSL_SERVER_S_DN_OU
SSL_SERVER_V_END
SSL_SERVER_V_START
SSL_SESSION_ID
SSL_VERSION_INTERFACE
SSL_VERSION_LIBRARY
CREATED2019-01-15 21:29:55.0
007-00-00-BA
UPDATED2020-08-20 12:56:48.0
Problems with Your Rule?
Check this:
Make sure the variable is preceeded with a % for Apache variables and a $ for variables you defined: Apache: %{REQUEST_URI} NOT ${REQUEST_URI}. Yours : ${MY_LOCAL_VARIABLE} NOT %{MY_LOCAL_VARIABLE}.