Welcome to WebmasterWorld Guest from

Forum Moderators: bakedjake

Message Too Old, No Replies

mod rewrite

takes an act of Congress



4:32 am on Jan 21, 2002 (gmt 0)

10+ Year Member

I'm not an Apache guru. I am not a tech support person. I am idiotgirl. But I am quite frustrated with the responses I'm getting from my host provider about mod_rewrite. I can see what I can do with it. I believe I'm capable of getting alot out of it (for me). But my host provider runs like a skeert leetle rabbit at the mere mention. They've changed their stance on this continuously for about three months. End result: no mod rewrite for me. I'm sunk doing 'baby stuff'. Not happy.

Does it cause some unGodly problems? Is it that difficult to add to a unix box? I understand some concerns about security and what it could do in the wrong hands- but I only need to do basic stuff - like modify .htaccess files with rewrite conditions. Big deal! Last I heard they wanted me to get a dedicated server for $XXX per month. This was after they bad-mouthed the mod up one side and down the other.

Anyone want to share the real story behind this frightening thing called mod_rewrite? What gives?


4:43 am on Jan 21, 2002 (gmt 0)

*G pats I-girl's hand*

I feel your pain. I, too, have a service provider which makes me crazy. (I'm not even allowed to do Server Side Includes.)

.htaccess is part of Apache. It is a file which allows per directory access. Server-wide access is controlled by an access control file called access.conf.

You have a couple of options:
1. Tell the admin exactly what you want to do with the .htaccess file. Perhaps they can tweak the file for you to do what you want.


2. Take your site -- and your money -- elsewhere.

<later>GACK! Just realized I answered the wrong question ... </later>


4:51 am on Jan 21, 2002 (gmt 0)

Oooh, but this might help you: "How do I make dynamic urls into Static urls with no mod_rewrite?"



4:56 am on Jan 21, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

mod_rewrite takes about five minutes to install. The last known vulnerability that I recall was from a couple of years ago and invloved a specific rewrite rule. As far as I know it was never exploited and was fixed in Apache 1.3.13

Given the large number of servers on the net running with mod_rewrite available without problems, I'll let you draw your own conclusions.


4:59 am on Jan 21, 2002 (gmt 0)

Ooooh, and here is a post with a bunch of links to tutorials:



5:16 am on Jan 21, 2002 (gmt 0)

10+ Year Member

>Does it cause some unGodly problems?
There is a performance hit as every request is checked against the rewrite rules.

What were their reasons for not providing it, IG?


7:08 am on Jan 21, 2002 (gmt 0)

10+ Year Member

Oh man- I've spent more time at Apache's site lately than anywhere else. I can't see any reason they won't install it - but they said when they set up the boxes they didn't install then - so now it's not an option (why?) That's the best they can tell me.

Half the techs don't know what I'm talking about, and the other half groan and shove me off to someone else. I just don't GET what the big deal is. I told them exactly what I wanted to do with it - rewrite conditions - and one tech went so far as to say, "That can't be done".

Right. Duh.

I tried doing it though my conf files- but it's a no go. It's missing something (like the actual mod!) I'm dead in the water and don't know what to do.

The thought of transferring all my clients to another box is just too dreadful. I'm hoping to pick up some little piece of information that will turn this situation around.


7:43 am on Jan 21, 2002 (gmt 0)

WebmasterWorld Senior Member mivox is a WebmasterWorld Top Contributor of All Time 10+ Year Member

Dreadful though it may be, finding another host sounds like a good idea. Today it's mod_rewrite... and even if you convince them to install it, it may well be something else tomorrow.

Seriously, it's totally worth is to find a company that offers access to all the standard goodies up front, and if you're really lucky, you might find one who's also willing to get under the hood and tinker with stuff for you...


8:58 am on Jan 21, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Hi idiotgirl, sounds like idiottech's...

The only reason I can think of it not being there is that its not included in a default apache install, requires recompiling with a few additional directives.

There is a performance hit but with hardware more powerful per buck than ever before its a poor excuse.

I take it that php isn't available either? (Another recompile)

The only other thing I can add is that with hosting being so cheap - it's probably worth taking on a second package, getting every thing up and running and transferring - I did this and haven't looked back.

To give you an indication - my hosting now costs 20GBP pcm, 40 Gig Bandwidth, mod_rewrite, php, unlimited domains (10GBP 2yrs), 600mb, mysql, perl, ssh, crons etc etc. I have a few niggles but compared to the package I was on previously its fantastic. I'm sure even better offers are available in the US.

Good luck


1:45 pm on Jan 21, 2002 (gmt 0)

10+ Year Member

Okay - it looks like other than an install and a couple tweaks this wouldn't be a big deal for someone fairly capable. Not me - but a tech. Right?

Tuesday I'll go back at it with them and tell them what those 'in the know' (you guys) have told me - and if this can't be resolved I'll look to get something else set up the way I want it and begin the "migration" after the new box rattles and hums just the way I like it.

This is so frustrating- these techs treat you like you're stupid (okay - my name isn't really idiotgirl) - then you ask them about things like this and they're the ones who know less than you! It was their screw-ups that got me on the quick-n-dirty path to working my own conf files and configuring my own domains. I figured that out just by visiting the Apache sites (and a few close calls!) I'm not *totally* inept. Then I ask for a little deal like mod rewrite and I'm practically 86'd. Geez!


5:39 am on Jan 22, 2002 (gmt 0)

10+ Year Member

Today was not a good day. Based on my faith in the expertise of the people on this board - after parsing log files this afternoon - I sent the following to my current (nameless) host provider:

I have been discussing with tech support for a couple months or more how to block certain IP addresses from accessing my main domain, *****, and the domains I host under it. Depending on who I talk to - the response is different every time. Something like musical chairs.

Last response said that I should get a dedicated server, as I asked about mod_rewrite. She said it was not installed when the boxes were set up, so could not be done now. She suggested a dedicated server. I think that translates to, "We don't want to bother. Go away. Or give us more money".

Here's what I'm dealing with: I have client sites with images being stolen and hotlinked all over the internet. Hundreds of times. Not once or twice, but hundreds of times every week. Maybe a thousand or more. I am SICK of it.

Now, with mod_rewrite, I could do rewrite conditions that would prevent this, and also ban a lot of bots and spiders I don't need crawling around. That is my intention. I'm not trying to do anything subversive, but I am tired of being strangled with the limitations I am faced with.

Adding the addresses to .htaccess, the way the boxes are set up now, DOES NOT WORK. Period. It has no effect - in fact - it doesn't even work. I added lots of IPs to my banned list. They cruise in, and continue to come and go as they choose. I banned *myself* - just for kicks - and was looking through sites without missing a beat. Verdict: .htaccess as it is currently configured on this box is totally impotent. Needs Viagra.

So where does that leave me? I already do my own conf files - because half the time the techs set the domains up wrong to begin with. I submit which folder it's to go in - they always do the default install of (htdocs) - so then I go in and tweak it. Then I tweak the names it automatically assigns the cgi-bins - and the default cgi-bin locations. No big deal, I'm used to it. But I do this myself. Haven't blown it up yet, have I?

Currently, I already have a zillion things going on in my cgi-bins. I have my own error tracking. I have scripts that do all kinds of things - which I wrote. But, most importantly, I have a bunch of domains I have no time to move to another server - being plundered by people all over the internet. And I'm helpless.

No, I don't need or want a dedicated server. mod_rewrite, despite what some of your techs have told me, is not pure evil, straight from Hell. Other webmasters I know say it's about a five minute install, plus some additional tweaking. They do rewrite conditions all day long. Without blowing anything up, without begging and pleading, and without a dedicated server. Want names? I'll give you some.

If it's the matter of time to install the mod - fine - I'll pay what's reasonable. That's not an issue. (In fact, I was led to believe a month or so ago this might even happen. I was filled with joy.) What I am having an issue with is a host provider that does nothing to help me, and I'm stuck with a box full of clients getting raped every day because I can't do a thing about it.

Am I not polite? Do I call and scream at your techs? Does any of this seem to matter at all to anyone? NO. But it matters to me. I would very much appreciate this meeting a swift resolution.




7:11 am on Jan 31, 2002 (gmt 0)

10+ Year Member

I not sure if this is a solution to your problem, but it looks interesting. These are cgi scripts [cgi.resourceindex.com] that are supposed to thwart image/bandwidth thieves. At least one of them works by imbedding the url of the script into the image tag forcing the script to serve up the image. The script first checks to see if you allow the referrer in it's @referers variable. If not, a custom error image gets served up. Looks kinda like a cloaking script for images. All the images would need their tags altered. If there's a lot of images it could be a pain editing all the code, but if your good with search and replace string functions it shouldn't be that daunting.

I have a similar situation with mod_rewrite on some of our servers that are configured with Frontpage 2K. For some reason the owner of the network is convinced that compiling in the Frontpage modules along with mod_rewrite creates a greater security risk. He claims that Microsoft botched the support for mod_rewrite in their extension set for Apache. It's too bad because mod_rewrite is such a smooth tool. Anyway, I hope the above may be of some help.


Featured Threads

Hot Threads This Week

Hot Threads This Month