Deny access to URLs using .htaccess
17 December 2021
The mod_rewrite module lets you manipulate URLs. Among others, you can use this to deny access to a page.
Rewrite rules have a condition and rule. The condition defines what needs to be matched, and the rule tells Apache what it should do if a match is found. Both let you use regular expressions.
Example
For instance, let’s say you want to deny access to a contact form at example.com/contact. To do so you can use a rule like this:
RewriteEngine On
RewriteCond %{REQUEST_URI} "^/contact" [NC]
RewriteRule "^.*$" - [F,L]
The first line enables rewriting – if you forget this line nothing is rewritten. Next is the condition. In the above example I match any URL that starts with with the string /contact (the caret symbol (^) denotes the start of the string). The NC flag at the end is used to ignore the case. So, the condition matches /contact, /cOnTaCT and any other weird cases.
The rewrite rule starts with a pattern. Here, the pattern is not important – we just want to deny access to the contact form. The pattern ^.*$ matches any string, which is exactly what we want. The F flag throws a “forbidden” error, and L tells Apache to stop processing rules.
Refining the rewrite condition
You always need to think carefully about the rewrite condition. The above rule matches any URL starting with /contact. That is not necessarily what you want, as there may be other pages that start with the string. For instance, the rule also blocks a URL like /contact-your-mp:
$ curl -IL example.com/contact HTTP/1.1 403 Forbidden ... $ curl -IL example.com/contact-your-mp HTTP/1.1 403 Forbidden ...
To uniquely match /contact you need to use the dollar sign to mark the end of the string. In addition, you may need to match both /contact and /contact/ (note the trailing stroke in the second string). You can do the latter by adding /?. The question mark matches the preceding character zero or one times. So, it tells Apache that there may or may not be a trailing stroke.
RewriteEngine On
RewriteCond %{REQUEST_URI} "^/contact/?$" [NC]
RewriteRule "^.*$" - [F,L]
Now, the contact form is blocked but the page about contacting your MP can still be accessed:
$ curl -IL example.com/contact HTTP/1.1 403 Forbidden ... $ curl -IL example.com/contact/ HTTP/1.1 403 Forbidden ... $ curl -IL example.com/contact-your-mp HTTP/1.1 200 OK ...
Featured Blogs
How to Choose a Dedicated Server for UK Businesses
Dedicated servers offer numerous advantages for businesses, including optimal performance, speed, reliability, and enhanced security. However, choosing a dedicated server provider for a business can be a challenging task, especially if you’re unsure what factors to consider. Dedicated server requirements will differ based on your type of business type, whether you’re in e-commerce, gaming, media, …
Comparing Dedicated Servers with VPS Hosting
Many businesses begin by managing their own websites or using shared hosting, but as their needs grow, they often require a more robust solution to enhance performance, security, and speed. Whether you run an e-commerce store, an online gaming platform, an IT consultancy, or a news website; increased traffic and business growth may lead you …
Why Choose UK Dedicated Server Hosting for Your Business?
As companies scale their operations and seek to maintain a seamless online presence, many consider upgrading to a dedicated server. This option offers greater control, enhanced security, and improved performance; all crucial elements for growing businesses. Given these advantages, it’s no surprise that dedicated server hosting has become a popular choice. Deciding if it’s worth …
Managed Dedicated Server Hosting for eCommerce Businesses in the UK
As more UK shoppers increasingly turn to online platforms to make their purchases, having a good online platform as an eCommerce business is essential. As your eCommerce operation grows, you may encounter challenges such as higher traffic, slower loading times, and potential security issues, all of which can negatively impact the visitor experience on the …
How Managed Dedicated Servers Can Elevate Your Online Security
Businesses today are confronted with an increasing array of online threats that can compromise sensitive data, disrupt operations, and harm reputation. As cyber threats continue to grow in both frequency and sophistication, the potential for online breaches can pose a significant risk to any business. Failing to implement robust security measures can lead to data …
Managed vs Unmanaged Dedicated Servers; Which is Right for Your Business?
Many businesses rely on hosting providers for dedicated servers to ensure optimal performance, security, and control. Unlike shared hosting, where resources are divided among multiple users, a dedicated server offers exclusive access to all of the server’s resources. This makes it ideal for businesses that experience high traffic, require substantial resources, or operate in data-sensitive …
Dedicated Server Basics; Everything You Need to Know
With businesses receiving more traffic on their websites than ever before, as more people engage online, the need for a dedicated server has become vital. While smaller businesses can often use shared hosting and virtual private servers, larger businesses with high traffic typically require more advanced and comprehensive hosting solutions; dedicated servers emerge as the …
Tips for Creating a User-Friendly Website
When designing a website, prioritising user-friendliness is crucial for success, especially for businesses offering products or services. A user-friendly website is not just nice-to-have; it’s a necessity. It ensures that visitors can easily navigate your site, enjoy a visually appealing interface, experience fast loading times, and seamlessly interact with the content. However, creating a user-friendly …
Discussing the Importance of Server Scalability for Business Growth
For business growth, meeting the increasing demands of customers can be challenging. It’s essential to keep pace with these demands without compromising on performance. As a business expands, it typically encounters higher traffic volumes, larger data storage needs, and the requirement to support more complex applications which is where server scalability becomes crucial. Server scalability …
Effective Ways to Improve the Credibility of Your Website
Now, more than ever, the credibility of a business’s website is crucial for building trust with the target audience and achieving business goals. A credible website not only attracts visitors but also keeps them engaged, encourages conversions, and encourages long-term relationships. A strong online presence is essential for businesses to thrive and compete effectively. Investing …
What our clients say
Great real person support – direct phone number, usually the same individual so any problems are handled by the same people. Excellent.
