or should I be fixing that so it no longer works

Yes. If this were a brand-new site that had never existed before, you could dispense with the Redirect half of your rewrite-to-redirect two-step because nobody knows what the "real" URLs are. But when you're changing an existing site, you have to forcibly redirect requests for the old URL. If nothing else, it will prevent search engines from hitting you with Duplicate Content.

Since you are using mod_rewrite, the 301 redirects must be expressed with RewriteRules (flag [R=301,L]). These rules go before the ones creating an internal rewrite.

Each redirect needs a preceding RewriteCond looking at %{THE_REQUEST} so you only redirect the people who asked for the "wrong" URL by name.

It is a good idea to leave a blank line after each RewriteRule-- especially when it has conditions, so you can tell where one rule ends and another begins.

Incidentally, I hope this is not literally your entire htaccess file, even though you were right to post only the part you're asking about. Where are the ErrorDocument directives and the Deny from... lines?

Hi again and thank you for the reply Lucy.

Since you are using mod_rewrite, the 301 redirects must be expressed with RewriteRules (flag [R=301,L]). These rules go before the ones creating an internal rewrite.

Ok so let me see if I understand this (hint: I probably don't). First, this site is brand new and only on my local machine - so it hasn't been put online yet. I'm ready to put it up, aside from finalizing my htaccess file here..

So. To fix the issue of the 'wrong' urls, do I:

a) need to implement MORE rewrite rules above my current ones, pointing the 'real' url to the rewritten one, and adding [R=301,L] to each of those new rules? For example (pretend this is my whole .htaccess file):

RewriteEngine On

RewriteRule /index.php?p_id=$1&t=$2 ^blog/(.+)/(.+)/$ [R=301,L]

RewriteRule ^blog/(.+)/(.+)/$ /index.php?p_id=$1&t=$2 [L]

or b) Simply add R=301 to my current rewrite rules.

I think what you are saying is a)?

It is a good idea to leave a blank line after each RewriteRule-- especially when it has conditions, so you can tell where one rule ends and another begins.

I will do that for sure. Definitely much more readable.

Incidentally, I hope this is not literally your entire htaccess file, even though you were right to post only the part you're asking about. Where are the ErrorDocument directives and the Deny from... lines?

I am ashamed to admit that is actually my entire .htaccess file :P I simply put in the rules to prettify my urls, but have no clue how to 'finalize' everything to make it OK to put my site online...I am hoping to get some help with that for sure.

RewriteRule /index.php?p_id=$1&t=$2 ^blog/(.+)/(.+)/$ [R=301,L]

RewriteRule ^blog/(.+)/(.+)/$ /index.php?p_id=$1&t=$2 [L]

Well, that's how it works conceptually. First all the redirects from ugly URL to pretty URL, and then internal rewrites back from pretty to ugly. The actual rule would be somewhat longer and messier, along the lines of

RewriteCond %{QUERY_STRING} p_id=([^&]+)&t=([^&]+)
RewriteRule /index.php http://www.example.com/blog/%1/%2/$ [R=301,L]

But if it's a brand-new site, then it is probably safe to dispense with the redirects entirely. The idea is that if nobody has ever been to

example.com/index.php?fantod=brown&willie=green&zither=blue

then they would have no way of knowing that that's what is lurking behind

example.com/brown/green/blue

and they would never make those "index.php" requests in the first place.

Do check logs periodically to make sure nobody learns your "real" URLs.

If the site is not yet live, decide whether you want your URLs to end in a / or not. Pick one form and stick with it, and make sure anything else is redirected exactly as if it were a real, physical file or directory.

Somewhere I've got some boilerplate on cleaning up an htaccess file, but it's 2 AM and I need to go change the cat's diaper, so it will have to wait :)

You're amazing, thank you Lucy. That is a great help.

So I can leave stuff as it is (after cleaning up the rules a little bit). But do I need to worry about the ErrorDocument / Deny From lines that you mentioned?

You should certainly have custom error documents, and you will eventually start locking people out. But that kind of thing can be added any time and won't affect anything else in your htaccess.

Ok, thanks! I am googling custom error docs now.

:: mopping brow in relief ::

Earlier I wrote and then deleted a massive reply, because I mistook you for the guy in the neighboring thread who is running two different CMS installations on the same host at different points on the same path. Just thinking about those two sets of ErrorDocuments gives me a headache.

Think about what happens to you, in real life, when you're puttering around other people's sites and you hit a bad link or you mis-type something. There are useful 404 pages and not-so useful pages. There are pretty 404 pages and not-so-pretty ones. Same for 403 pages.

:: insert boilerplate about how legitimate humans can and do get a perfectly legitimate 403 while doing nothing wrong ::

...if it's a brand-new site, then it is probably safe to dispense with the redirects entirely.

Yes. However, I would still include a rel="canonical" meta tag to be safe... if ever your underlying URL structure did get out, you don't want to run a risk of it being indexed (if it actually works).