welcome to WebmasterWorld, riomaha!


what have you tried so far and what response have you gotten?
please post your (exemplified) mod_rewrite directives.

are you using any mod_alias directives?

In addition to posting the code that isn't working (and please explain exactly what "not working" means) ... did you remember

RewriteEngine on

? You have to repeat this in every environment where a RewriteRule occurs. For example if it's inside a FilesMatch envelope, you have to say "RewriteEngine on" all over again.

mod_rewrite behaves pretty much the same wherever you're using it. The pattern may look a little different if it's inside a <Directory> section (including htaccess); other than that it's pretty much all the same.

Incidentally, you don't really want to redirect (visibly) to something ending in "index.php" do you? :(

I apologize for not getting back to you sooner. You all have good questions and here is what might be a not so good answer.

Here is a different combination of things I tried.

I updated my httpd.conf with
Alias /store/ "/var/www/html/store/"

so that I can use .htaccess in the root folder of store
no redirect

I added this code in .htaccess and/or httpd.conf
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} !^variable3
RewriteRule ^(.*)/?$ /?$1 [L]

I also tried in both httpd.conf and .htaccess (think that i dont need to pass any variables.

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !index.php
RewriteRule .* index.php? [QSA,L]


I tried adding to .htaccess

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_URI} !=/index.php
RewriteRule .* /index.php


also tried in .htaccess
RewriteEngine On
RewriteCond %{ENV:REDIRECT_VARIABLE3} (.+)
RewriteRule .* -F [E=VARIABLE3:%1]

and in .htaccess
RewriteEngine On
RewriteCond %{ENV:REDIRECT_VARIABLE3} (.+)
RewriteRule .* - ![E=VARIABLE3:%1]

What are your AllowOverrides settings?

RewriteRule .* index.php? [QSA,L]

This makes no sense. If you've explicitly set the query string to null (which is what the ? in the target does) then what's QSA for?

Thank you for that question, I tested different variation to see if mod_rewrite was working. I noticed that nothing was working. I had changed allowoverride to All but it seems that it did not save or i reverted back becasue it had broken my production site.

Since then I added this entry to my httpd.conf in order not to break my production site which is at the root of html.

<Directory "/var/www/html/store/">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>

I used this code in .htaccess and i can see it block me from getting to the site forbidden

RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} !^variable3=$
RewriteRule ^ - [F]

To rephrase my questino better, variable three is a sessionID generated by the syste, upon accessing the site. I need to ensure that no referring link has variable3 specidfied in URL (linking to it or entering it manually).

If sessionID is found in URL or referring link, ignore it so that a new session is generated.
I tried this and it does redirect but it is redircting when the session ID is not even specified in URL (variable3 in previouse examples is sessionid in the example below

RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} !^sessionid=$
RewriteRule ^/?(.*) /store/index.php [L,R,NE]

Ok, I think I figured it out but let me know if it makes sense

RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} ^(.*)sessionid(.*)$
RewriteRule ^/?(.*) session_time_out_page [L,R,NE]

RewriteCond %{QUERY_STRING} !^sessionid=$

Seems like this condition would always fail (or always succeed, depending on how you look at it), unless your URLs are set up to have "sessionid=" as a default parameter all the time, even when it has no value, and it's your only parameter ever.

Conditions involving the query string have special issues, because the query is treated as a package. Anchors refer to the whole string as a unit, not to individual parameters. So to isolate one parameter independent of its location, you have to say something like

RewriteCond %{QUERY_STRING} (^|&)queryname=value($|&)

Or, if you can't specify what you want for "value" (for example "\d+" or "[a-z]+") express it as [^&]*
The two pairs

(^|&)

and

($|&)

mean "this is either the beginning/end of the whole query string, or there's an ampersand here marking the beginning/end of one parameter".

RewriteCond %{QUERY_STRING} ^(.*)sessionid(.*)$

Ouch. See above about the

(^|&)

formulation instead. Never use .* or .+ in non-final position if you've got any alternative whatsoever.

If you only need "sessionid" to be present, and don't care about its value, you don't need the (.*)$ part at all. And if you're absolutely certain that you will never have another parameter with an overlapping name, like "newsessionid" or "sessionid3", AND no other parameter's value could ever possibly contain "sessionid", you can dispense with the

(^|&)

business and just match the text.

Pro tip: use [ code ] markup inline to avoid unwanted smileys without having to keep disabling them :)

RewriteRule ^/?(.*) /store/index.php [L,R,NE]

--Do you want this to be a 302 temporary redirect? That's the default value of the [R] flag.
--Give the full protocol-plus-domain in all redirect targets, regardless, unless you have a solid reason for omitting it.
--The [NE] flag is not actively harmful, but it's utterly unnecessary since there is nothing in the target that could potentially be escaped. (The query string is unaffected by default.)
--Since you're not capturing, you don't need the (.*) part in the pattern. Use a leading slash only if the rule is lying loose in the config file; any directory context (whether <Directory> section or htaccess) begins with the bare filename. Here it's irrelevant since you're not matching any particular text. Just give the pattern as

.?

without anchors.

Thank you. What I really want to do is if session id is specified in the url, it should be ignored or removed so that the application assigns a new session while keeping all other parameters in the URL for example pageid=3 or productid=15.

Are you suggesting that my mod rewrite should look like this

RewriteEngine On 
RewriteBase / 
RewriteCond %{QUERY_STRING} (^|&)queryname=value($|&) 
RewriteRule ^/?(.*) http://xyz.com/store/index.php [L,R]

is there a way I can carry the other variables in the URL short of the sessionID?

I forogt to mention that I dont nwant to spcify a value for queryname or sessionid. I want the system to detect whatever it might be and remove it

What I really want to do is if session id is specified in the url, it should be ignored or removed so that the application assigns a new session while keeping all other parameters in the URL

But then how can you tell whether it's a brand-new sessionID or an older one that needs reassignment? Or did you mean that "sessionID" should simply be removed from the URL? If you don't want it to be used at all, what's it doing in the URL in the first place?

I'm inclined to think that it would be better to handle the issue in php-- especially since the site already uses php to construct its pages. The php (or, for that matter, any language) has far more resources to evaluate a parameter and determine whether it's "good" (newly assigned) or "bad" (outdated). It can then choose whether to issue a redirect-- reusing any existing parameters-- or proceed directly to the requested page.

The problem with trying to do it all in Apache is that you can only capture from the most recently matched RewriteCond. So you'd have to do something undesirable like

RewriteCond %{QUERY_STRING} ^(.*?)sessionid=[^&]*&?(.*)
RewriteRule (.*) http://www.example.com/store/index.php?%1%2 [R=301,L]

Note icky and unappealing use of non-final .* Note also that %1, if present, will end in &, while %2, if present, has no &. (There are alternative ways to make the RegEx, but this is the least hiccupy.) The form
.*?
means "stop at the first occurrence of 'sessionid' instead of proceeding to the very end to see if there will be additional occurrences" (because Regular Expressions are fundamentally stupid and don't know that the string can't occur twice).