orvn/htaccess-flag-reference.md

Created July 7, 2021 05:42

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/orvn/644d94f7dd374001e653cd83a0c3db4c.js"></script>
Save orvn/644d94f7dd374001e653cd83a0c3db4c to your computer and use it in GitHub Desktop.

Download ZIP

.htaccess Rewrite rule flags

Raw

htaccess-flag-reference.md

Apache flags, sorted by frequency of use (more common at the top)

`R`

Perform an HTTP redirect
Default is a temporary 302 redirect
Always use with an L
e.g., [L,R=301]

`L`

Break if the rule matches, i.e. don't process subsequent rules
e.g., [L]

`F`

If matches, send 403 fobidden header
e.g., [F]
Note that this rule always sends an L as well, stopping the evaluation

`G`

If matches, send 410 gone header, indicating a resource isn't available anymore
e.g., [G]

`S`

Skip rules below from running, specify number of lines to skip
Can be used as a technique for control structures, the first line acts as an if statement
e.g., [S=2]

`T`

Force a mime type
e.g., [T=image/gif]

`E`

Set environment variable
e.g., [E=STAGING:1]
Note that all environment variables are prefixed with REDIRECT_ and should be accessed as such

`CO`

Inject a cookie if a rule matches
e.g., [CO=key:value:.foo.com:1440:/]
- This sets a cookie 24 hour cookie

Query parameters

[QSA] Append params from request to target
[QSD] Discard params
[QSL] Use the last ? in the URL string as the delimeter, instead of the default, using the first (match from right)

`H`

Set a handler, overriding what's set right now
e.g., [H=application/x-httpd-php]

`B`

Escape special characters
Specify them like [B=#?;]

`BNP`

To be used with B
Converts spaces to %20 when escaped with B
e.g., [B,BNP]

`C`

Chain rules
Only move on to the next rule if this rule passes
i.e., if the rule does not evaluate to true, break out of sequence
e.g., [C]

`DPI`

Discard PathInfo object
i.e., If redirect matches don't pass metadata
e.g., [DPI]
Note that this removes this data from the set of redirect rules being processed

`N`

Loop the rule while it matches, optionally set a maximum iteration limit
e.g., [N=5]
Note this can cause an indefinite loop, or at least one that errors out after the default 32000 iterations

`NC`

No case, rule is case insensitive
e.g., [NC]

`NE`

No escape, don't convert special characters to hex
e.g., [NE]

`NS`

No subrequests, don't match if this URL contains subrequests, which aren't used often, except in some CGI configurations
e.g., [NS]

`PT`

Pass through treats the path as a URI, allowing it to be processed by other rules or modules
e.g., [PT]

`P`

Use mod_proxy for this request
e.g., [P]
Note: Avoid using this flag

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment