g1smd - 7:49 pm on Jan 10, 2013 (gmt 0)

You can run the site only on rewrites, without any redirects, but you will soon end up with duplicate content issues as the "alternative ways" of accessing the content are discovered and indexed. The redirects keep searchengines on the right path.

Yes, the domain should always be in the redirects.

It is possible to have more generalised code but it is a lot less efficient.

As for understanding the code, RewriteRules are a simple idea. The difficult bit is in reading the RegEx patterns.

The RegEx pattern (on the left) matches the URL that the browser has requested and the rule target (on the right) is either a new URL (when coded as a redirect) or an internal path and file (when coded as a rewrite).

The rules in the htaccess file rewrite valid URL requests (as defined by the RegEx pattern) to target the right internal file that will produce the content. When there's a URL request that is trying to directly and improperly access a resource, a redirect tells the browser to request a different URL.

The rules that redirect, test THE_REQUEST in a preceding RewriteCond. This ensures that only the unwanted or non-canonical external requests for that resource are redirected.

You do not want to redirect requests that are the result of a previous internal rewrite, otherwise you would either expose the previously rewritten request back out on to the web as a new URL or you would end up with a redirect-rewrite infinite loop.

Browser requests: example.com/cms/pagename.php <- malicious request
External redirect received: "301 www.example.com/pagename"

Browser requests: www.example.com/pagename <- site should link to this one
Internal rewrite to: /cms/pagename.php
Browser receives the page content.

Notice the initial non-canonical external request and the internal rewrite are both for "/cms/pagename.php". It is only the fact that the rule that redirects also checks THE_REQUEST that prevents an infinite loop.