1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 3:13 pm May 1, 2026

Forum Moderators: phranque

Message Too Old, No Replies

creating ip exception for redirect in .htaccess

         

waterworks

6:02 pm on Jul 10, 2013 (gmt 0)

10+ Year Member



Webhost: Bluehost

I have a current website with an X-cart install located on the server at: http://www.example.com/store/

In the Control Panel for Bluehost, I used a feature to create a redirect for webroot to kick people into the store.

My question is this: How do I create an exception for my own IP address so I can reach the webroot level: example.com ?

I would like to develop a new store at the webroot but obviously I automatically get kicked to /store/ directory if I try to access the webroot.

Here is what current .htaccess looks like: 

# Use PHP5 as default
AddHandler application/x-httpd-php5 .php

RewriteEngine on

# Clean URLs [[[
# For security reasons, Option followsymlinks cannot be overridden.
#Options +FollowSymLinks -MultiViews -Indexes
Options +SymLinksIfOwnerMatch -MultiViews -Indexes
<IfModule mod_rewrite.c>
RewriteBase /store/
RewriteCond %{REQUEST_URI} !^/store/(payment|admin|provider|partner)/
RewriteCond %{REQUEST_FILENAME} !\.(gif|jpe?g|png|js|css|swf|php|ico)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^(.*)$ dispatcher.php [L]
</IfModule>
# /Clean URLs ]]]

AuthName "/store"
AuthUserFile "/home8/domaincom/.htpasswds/public_html/passwd"

RewriteCond %{HTTP_HOST} ^example.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.example.com$
RewriteRule ^/?$ "http\:\/\/www\.example\.com\/store" [R=301,L]



I'm guessing I'll have to add some line of code with my IP address to create a rule, and place this above the the last three lines in the .htaccess file? Perhaps something like: 

RewriteCond %{REMOTE_ADDR} !=1.3.3.7


But would the [L] flag shown on the last line of my current .htaccess file cancel out any additional redirect changes I add, even if the changes were above it? Can someone help out an htaccess newb?

Thanks.

[edited by: phranque at 7:32 pm (utc) on Jul 10, 2013]
[edit reason] Please Use Example.com [webmasterworld.com] [/edit]

phranque

8:04 pm on Jul 10, 2013 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



welcome to WebmasterWorld, waterworks!


you have the correct solution with adding this to the ruleset (before the RewriteRule): 
RewriteCond %{REMOTE_ADDR} !=1.3.3.7



you don't need the IfModule - you either have mod_rewrite or you don't.


your external redirects should precede your internal rewrites or you risk exposing your internal urls.


you can simplify the two existing conditionals: 
RewriteCond %{HTTP_HOST} ^(www.)?domain.com$

however i'm not sure why you need to test for the hostname here.


RewriteRule ^/?$ "http\:\/\/www\.domain\.com\/store" [R=301,L]

in .htaccess context there will never be a leading slash in the request.
also, the Substitution string is not a regular expression so you don't need to escape any special characters and it should not be quoted.
since you are redirecting to a directory (i assume) you should have a trailing slash.
you probably want this: 
RewriteRule ^$ http://www.domain.com/store/ [R=301,L]



you should have an additional ruleset (after the store redirect ruleset) to handle the generic hostname canonicalization redirect.


would the [L] flag shown on the last line of my current .htaccess file cancel out any additional redirect changes I add, even if the changes were above it?

not sure i understand the question.
the "ruleset" includes the conditionals and the RewriteRule.
the [L] flag applies to the RewriteRule only.

<edit1>...and it should not be quoted.</edit1>
<edit2>removed an extraneous backslash in the suggested RewriteRule</edit2>

[edited by: phranque at 6:02 am (utc) on Jul 12, 2013]

lucy24

9:05 pm on Jul 10, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Edit:
Well, that's what comes of opening multiple tabs and then typing slowly. I didn't see phranque's post while I was composing mine, so there will be major overlaps. No serious contradictions, I hope.

Urk. You've already got evidence of cutting, pasting and patching different rules from different sources. Get rid of the IfModule envelope. Not its contents, just the envelope itself. And then group all your RewriteRules in order, beginning with redirects (the rule you've currently got last) and putting rewrites at the end.

If you have a fixed IP, all you have to do is put another RewriteCond looking at %{REMOTE_HOST} among the existing Conditions in your main rule. But not 
RewriteCond %{REMOTE_ADDR} !=1.3.3.7

with no anchors and unescaped periods, because this rule would match
123.3.7.anything
24.103.3.75
and a bunch of other IPs. If you're matching an exact IP, the rule has to be strictly constrained to
^1\.2\.3\.4$

Now, as long as we're here... 

RewriteBase /store/
<snip>
RewriteRule ^(.*)$ dispatcher.php [L]

Sure, you can use RewriteBase-- but as long as there's only one rule, why not put it into the target instead as 
RewriteRule .* /store/dispatcher.php [L]

Neither anchors nor parentheses are needed, since you're not capturing anything.

Meta-rule for mod_rewrite: never put anything into a Condition that can be put into the body of the rule. Here you've got the generic CMS rewrite. It's very unlikely that it handles non-page requests (not impossible, just unlikely) so the pattern itself can be expressed as
(/|php|^)$
where "php" means any extension your site actually uses for pages.

This line 
!^/store/(payment|admin|provider|partner)/

means that if the user asks for
/store/something-else/
they will get rewritten to
/store/
if and only if their request is for a nonexistent page. Conversely if they ask for
/store/payment/any-old-garbage
they won't get rewritten. This seems a little bit, uh, non-optimal. 

RewriteRule ^/?$ "http\:\/\/www\.example\.com\/store" [R=301,L]

... and this piece is pasted in from somewhere else, right? NOTHING in the target needs to be escaped. Ever. And why are you redirecting to /store when the rewrite asks for /store/ (implying that there exists a file /store/index.php or similar)?

But would the [L] flag shown on the last line of my current .htaccess file

The [L] flag means "If and only if this rule executes, stop looking for more things to rewrite". It should be attached to every RewriteRule unless you've got a specific reason for omitting it. If a rule doesn't apply-- for example, if it's got a "don't include my own IP" condition-- then the flag has no effect.

phranque

12:21 pm on Jul 11, 2013 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



But not RewriteCond %{REMOTE_ADDR} !=1.3.3.7 with no anchors and unescaped periods, because this rule would match 123.3.7.anything 24.103.3.75 and a bunch of other IPs. If you're matching an exact IP, the rule has to be strictly constrained to ^1\.2\.3\.4$


when using the !=Condition Teststring it's not a regular expression - it's a plain string.

http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewritecond
'=CondPattern' (lexicographically equal) Treats the CondPattern as a plain string and compares it lexicographically to TestString. True if TestString is lexicographically equal to CondPattern (the two strings are exactly equal, character for character).

lucy24

7:58 pm on Jul 11, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Whoops! That shows how often I use the equals sign.
:)

Can't say I've never noticed before, because I remember studying this section to establish that "lexicographically" really does mean "If this were a dictionary entry". So you get conditions that translate to "if such-and-such comes before/after this-and-that in the dictionary". (I do wish they'd give examples of when this is useful, because I see a "D'oh!" moment coming up.)

waterworks

3:40 am on Jul 12, 2013 (gmt 0)

10+ Year Member



Thanks guys! Amazing information you've provided and really appreciate the time to respond. The fact that you guys broke things down line-by-line and provided explanations really helped clear some things up in my brain about this stuff. Thank you!

Understand that I'm a total newb to this .htaccess stuff. So when you ask me 'why am I doing this...', my naturally response would be 'why am I doing what?' :)

To a newb, this is quite daunting task. I had to read over the responses three times just to absorb. haha.

lucy24, in response to: "You've already got evidence of cutting, pasting and patching different rules from different sources... "

Actually as far as I understand, Bluehost auto-generated the file. This is the first time I've touched the file. BH has a pretty comprehensive back end CP and if you change some domain settings for redirects and such, it automatically adds code to the .htaccess file. At least that is what I was told by their tech people. Maybe then that is auto-generated code by their servers?

So based on phranque's comment on using !=Condition, its ok to use in this instance. Therefor, combining your notes, I come up with an .htaccess as such: 


# Use PHP5 as default
AddHandler application/x-httpd-php5 .php

RewriteEngine on

RewriteCond %{REMOTE_ADDR} !=1.3.3.7 
RewriteCond %{HTTP_HOST} ^(www.)?domain.com$
RewriteRule ^$ http\://www.domain.com/store/ [R=301,L]

# Redirect ruleset for generic webhost address
RewriteRule ^$ http\://box491.bluehost.com/store/ [R=301,L]


phranque, when you stated "so you don't need to escape any special characters and it should be quoted." did you mean to say that it should NOT be quoted? Just wanted to verify that.

Also, "you should have an additional ruleset (after the store redirect ruleset) to handle the generic hostname canonicalization redirect." How would I achieve this? I know many ISP's use generic hostname but I'm not sure where on the Bluehost Control Panel this is listed.

Thanks again guys. Loving the help on this forum. Much appreciated.

phranque

12:57 pm on Jul 12, 2013 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month 



RewriteEngine on

RewriteCond %{REMOTE_ADDR} !=1.3.3.7
RewriteCond %{HTTP_HOST} ^(www.)?domain.com$
RewriteRule ^$ http\://www.domain.com/store/ [R=301,L]


my bad - i forgot to remove one extraneous backslash.
and i'm still not sure why you need to test for the hostname here.
try using this: 
RewriteEngine on

RewriteCond %{REMOTE_ADDR} !=1.3.3.7
RewriteRule ^$ http://www.domain.com/store/ [R=301,L]



# Redirect ruleset for generic webhost address
RewriteRule ^$ http\://box491.bluehost.com/store/ [R=301,L]

why would you ever want to redirect a visitor to your hosting company's temporary hostname?
remove this until you can explain why it is there.


phranque, when you stated "so you don't need to escape any special characters and it should be quoted." did you mean to say that it should NOT be quoted?

two mistakes in one post - that was supposed to read "NOT quoted" so i edited my previous post to avoid confusion in the future.


you should have an additional ruleset (after the store redirect ruleset) to handle the generic hostname canonicalization redirect.

after all the more specific redirects, your last redirect should be one that redirects any requests for non-canonical protocol/hostnames to the canonical protocol and hostname: 
# Redirect requests for non-blank, non-canonical hostnames to canonical hostname
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]


note that HTTP/1.0 requests do not include a Host: header which is why you only fire this RewriteRule for non-blank HTTP_HOST or you would get an infinite redirect loop.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 3:13 pm May 1, 2026