What is Mod_Rewrite

Think about the last time you visited some shopping website, looking for that one specific thing you needed to buy. When you finally reached the page, the URL most likely looked something like this:


This is not because this website took the time to set up every single directory you would need to make your purchase, but because of a handy module called Mod_Rewrite. Mod_Rewrite allows you to make custom and simplified URLs as needed. In reality, the actual URL may have looked closer to this:


This tutorial will go over Activating Mod_Rewrite, Creating and Using the required .htaccess page, and setting up the URL rewrites.


The steps in this tutorial require the user to have root privileges.

Additionally, you need to have apache installe

sudo apt-get install apache2

1. How to Activate Mod_Rewrites

Before we begin generating the actual URL rewrites, we need to activate the apache mod_rewrite module that controls them. This is simple:

sudo a2enmod rewrite

The command activates the module or—if it is already activated, displays the words, "Module rewrite already enabled"

2. About the .htaccess File:

Once the module has been activated, you can set up your URL rewrites by creating an .htaccess file in your website directory.

An .htaccess file is a way to configure the details of your website without needed to alter the server config files. The period that starts the file name will keep the file hidden within the folder.

Additionally the placement of the .htaccess file is important. The configurations in that file will affect everything in its directory and the directories under it.

You can create the .htaccess file in a text editor (make sure to name it only .htaccess without any other extension or name) and then upload it to your site through an ftp client.

Alternatively you can use this command, replacing the example.com with the name of your site, to create your .htaccess file in terminal.

sudo nano /var/www/example.com/.htaccess

How to permit changes in the .htaccess file:

To allow the .htaccess file to override standard website configs, start by opening up the configuration file. NB: You will need sudo privileges for this step.

sudo nano /etc/apache2/sites-available/default

Once inside that file, find the following section, and change the line that says AllowOverride from None to All. The section should now look like this:

<Directory /var/www/>
           Options Indexes FollowSymLinks MultiViews
           AllowOverride All
           Order allow,deny
           allow from all

After you save and exit that file, restart apache. .htacess files will now be available for all of your sites.

sudo service apache2 restart

Now you are all set up to rewrite your site’s URLs.

How to Rewrite URLs

The entire URL rewriting operation takes place within the .htaccess file.

Overall, all of the URL rewrite commands follow the same pattern:

RewriteRule Pattern Substitution [OptionalFlags]

Here is a short explanation of each part:

  • RewriteRule: This is the section in which you can write in the name of the the mod_rewrite directive that you want to use.
  • Pattern: This section is dedicated to interpreting the requested URL, using regular expressions. This tutorial does not include a discussion of regular expressions, but you can find a useful tutorial on the subject here.
  • Substitution: This is the actual URL of the page with the information we want to display. It may be hard to remember or confusing because of php paremeters or long strings of numbers. eg. www.cityzoo.com/animals.php?mammals=seals
  • Optional Flags: A flag is a tag at the end of the Rewrite Rule directive that may change the behavior of of the expression. Some common flags include [F], making the URL forbidden, [NC], forcing the rule to disregard capitalization, [R=301] or [R=302], controlling the redirect code you want to use, [L] indicating that this is the last rule in a series.

4. Rewrite Conditions

The three examples on the previous page showed how to rewrite URLs to make sites easier to access and remember.

Rewrite Rules can also have conditions to make sure that the rewrites only take place under specific circumstances.

Example 1: How To Prevent Hotlinking

Hotlinking is the process of using an image or object from one server on another one. This action drains bandwidth from the victim's server and denies the creator of the object any additional visitors to their site that they might have gained otherwise.

You can prevent hotlinking by redirecting all the links to an object on your site to some other less pleasant image, or by forbidding the operation altogether.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/.*$ [NC]
RewriteRule .*\.(gif|jpeg|png)$ http://www.example.com/unpleasantness.jpg [R,NC,L]

Now for an explanation:

  • %{HTTP_REFERER}: this refers to where the traffic is coming from. The percent sign indicates that it is an apache variable.
  • !: the exclamation mark negates the pattern following it. In effect, this points out that whatever follows it does not fall under the conditions required to be affected by the rewrite rule.
  • ^$: As mentioned earlier, the caret stands for the beginning of a string and dollar sign for the end of it. In this case, there is nothing between them and therefore the referrer does not exist. In other words, this line states that direct links are not affected by the rewrite rule.
  • The second condition references the referrer once again.
  • !^http://(www\.)?example\.com/.*$: the exclamation point states that the referrer should not be the our own site
  • Finally we get to the rewrite rule itself which states that any link to a file ending with the extensions gif, jpeg, or png will be rerouted to some unpleasant picture to teach hotlinker a lesson. If we simply wanted to forbid them from accessing any image at all, we can make a small edit to the RewriteRule in the last line. Instead of providing an alternative destination, as this line does, you can instead just send the rewrite to a forbidden page:
    RewriteRule .*\.(gif|jpeg|png)$ - [F]

Example 2: How to add www to a URL

Another useful trick that mod_rewrite can do is add www to a domain. Although it’s easy for a person to see that example.com and www.example.com are the same site, search engines register them as duplicates, hurting their rankings.

To resolve the issue you can choose to either consistently remove the www or always have it added to the URL. This example will show how to be sure that the www is always attached.

RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.com$
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301]
Now for an explanation:
  • %{HTTP_HOST}: this refers the website in the requested URL
  • ^example.com$: explains that the requested page needs to be example.com
  • ^(.*)$ :The rewrite rule says that any text after can follow the domain.
  • [R=301]: The flag denotes that the URL as being redirected, and the 301 points out that this is a permanent redirect. A temporary one is designated with the number 302. Everything will then convert from example.com to www.example.com

Example 3: Blocking a Specific IP Address

This a useful tool to prevent, for example, malicious parties at specific IP addresses from accessing a site.

RewriteCond %{REMOTE_ADDR} ^(12\.34\.56\.789)$
RewriteRule (.*) - [F,L]

Now for an explanation:

  • %{REMOTE_ADDR}: This stands for the IP address from which our site is being accessed and which we want to block.
  • ^(12\.34\.56\.789)$: You can use this section to type in the malicious IP address. Keep in mind that the backslashes are very important. They designate the periods as punctuation, instead of their standard regular expression use as wildcards.
  • (.*): This signifies that any text from the blocked IP will result in the rewrite rule being completed.
  • [F,L]: the flags finish off the rule. [F] forbids access and [L] stops any other rules from applying, making it the last rule.