Skip to content

Instantly share code, notes, and snippets.

@orvn

orvn/htaccess-flag-reference.md

Created July 7, 2021 05:42
Show Gist options
  • Save orvn/644d94f7dd374001e653cd83a0c3db4c to your computer and use it in GitHub Desktop.
Save orvn/644d94f7dd374001e653cd83a0c3db4c to your computer and use it in GitHub Desktop.
Download ZIP
.htaccess Rewrite rule flags
Raw
htaccess-flag-reference.md

Apache flags, sorted by frequency of use (more common at the top)

R

  • Perform an HTTP redirect
  • Default is a temporary 302 redirect
  • Always use with an L
  • e.g., [L,R=301]

L

  • Break if the rule matches, i.e. don't process subsequent rules
  • e.g., [L]

F

  • If matches, send 403 fobidden header
  • e.g., [F]
  • Note that this rule always sends an L as well, stopping the evaluation

G

  • If matches, send 410 gone header, indicating a resource isn't available anymore
  • e.g., [G]

S

  • Skip rules below from running, specify number of lines to skip
  • Can be used as a technique for control structures, the first line acts as an if statement
  • e.g., [S=2]

T

  • Force a mime type
  • e.g., [T=image/gif]

E

  • Set environment variable
  • e.g., [E=STAGING:1]
  • Note that all environment variables are prefixed with REDIRECT_ and should be accessed as such

CO

  • Inject a cookie if a rule matches
  • e.g., [CO=key:value:.foo.com:1440:/]
    • This sets a cookie 24 hour cookie

Query parameters

  • [QSA] Append params from request to target
  • [QSD] Discard params
  • [QSL] Use the last ? in the URL string as the delimeter, instead of the default, using the first (match from right)

H

  • Set a handler, overriding what's set right now
  • e.g., [H=application/x-httpd-php]

B

  • Escape special characters
  • Specify them like [B=#?;]

BNP

  • To be used with B
  • Converts spaces to %20 when escaped with B
  • e.g., [B,BNP]

C

  • Chain rules
  • Only move on to the next rule if this rule passes
  • i.e., if the rule does not evaluate to true, break out of sequence
  • e.g., [C]

DPI

  • Discard PathInfo object
  • i.e., If redirect matches don't pass metadata
  • e.g., [DPI]
  • Note that this removes this data from the set of redirect rules being processed

N

  • Loop the rule while it matches, optionally set a maximum iteration limit
  • e.g., [N=5]
  • Note this can cause an indefinite loop, or at least one that errors out after the default 32000 iterations

NC

  • No case, rule is case insensitive
  • e.g., [NC]

NE

  • No escape, don't convert special characters to hex
  • e.g., [NE]

NS

  • No subrequests, don't match if this URL contains subrequests, which aren't used often, except in some CGI configurations
  • e.g., [NS]

PT

  • Pass through treats the path as a URI, allowing it to be processed by other rules or modules
  • e.g., [PT]

P

  • Use mod_proxy for this request
  • e.g., [P]
  • Note: Avoid using this flag
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment