1 <?xml version='1.0' encoding='UTF-8' ?>
2 <!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
3 <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
4 <!-- $LastChangedRevision$ -->
7 Licensed to the Apache Software Foundation (ASF) under one or more
8 contributor license agreements. See the NOTICE file distributed with
9 this work for additional information regarding copyright ownership.
10 The ASF licenses this file to You under the Apache License, Version 2.0
11 (the "License"); you may not use this file except in compliance with
12 the License. You may obtain a copy of the License at
14 http://www.apache.org/licenses/LICENSE-2.0
16 Unless required by applicable law or agreed to in writing, software
17 distributed under the License is distributed on an "AS IS" BASIS,
18 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 See the License for the specific language governing permissions and
20 limitations under the License.
23 <manualpage metafile="flags.xml.meta">
24 <parentdocument href="./">Rewrite</parentdocument>
26 <title>Apache mod_rewrite Flags</title>
29 <p>This document discusses the flags which are available to the
30 <directive module="mod_rewrite">RewriteRule</directive> directive,
31 providing detailed explanations and examples.</p>
34 <seealso><a href="../mod/mod_rewrite.html">Module documentation</a></seealso>
35 <seealso><a href="tech.html">Technical details</a></seealso>
37 <section id="introduction"><title>Introduction</title>
38 <p>A <directive module="mod_rewrite">RewriteRule</directive> can have
39 its behavior modified by one or more flags. Flags are included in
40 square brackets at the end of the rule, and multiple flags are separated
43 RewriteRule pattern target [Flag1,Flag2,Flag3]
46 <p>The flags all have a short form, such as <code>CO</code>, as well as
47 a longer form, such as <code>cookie</code>. Some flags take one or more
48 arguments. Flags are not case sensitive.</p>
50 <p>Each flag (with a few exceptions)
51 has a long and short form. While it is most common to use
52 the short form, it is recommended that you familiarize yourself with the
53 long form, so that you remember what each flag is supposed to do.</p>
55 <p>Presented here are each of the available flags, along with an example
56 of how you might use them.</p>
59 <section id="flag_b"><title>B (escape backreferences)</title>
60 <p>The [B] flag instructs <directive
61 module="mod_rewrite">RewriteRule</directive> to escape non-alphanumeric
62 characters before applying the transformation.
65 <p>Apache has to unescape URLs before mapping them,
66 so backreferences will be unescaped at the time they are applied.
67 Using the B flag, non-alphanumeric characters in backreferences
68 will be escaped. For example, consider the rule:</p>
71 RewriteRule ^(/.*)$ /index.php?show=$1
74 <p>This will map <code>/C++</code> to
75 <code>/index.php?show=/C++</code>. But it will also map
76 <code>/C%2b%2b</code> to <code>/index.php?show=/C++</code>, because
77 the <code>%2b</code> has been unescaped. With the B flag, it will
78 instead map to <code>/index.php?show=/C%2b%2b</code>.</p>
80 <p>This escaping is particularly necessary in a proxy situation,
81 when the backend may break if presented with an unescaped URL.</p>
85 <section id="flag_c"><title>C|chain</title>
86 <p>The [C] or [chain] flag indicates that the <directive
87 module="mod_rewrite">RewriteRule</directive> is chained to the next
88 rule. That is, if the rule matches, then it is processed as usual and
89 control moves on to the next rule. However, if it does not match, then
90 the next rule, and any other rules that are chained together, will be
95 <section id="flag_co"><title>CO|cookie</title>
96 <p>The [CO], or [cookie] flag, allows you to set a cookie when a
97 particular <directive module="mod_rewrite">RewriteRule</directive>
98 matches. The argument consists of three required fields and five optional
101 <p>The full syntax for the flag, including all attributes, is as
105 [CO=NAME:VALUE:domain:lifetime:path:secure:httponly]
108 <p>You must declare a name and value for the cookie to be set.</p>
110 <p>You may optionally also set the following values:</p>
114 <dd>The domain for which you want the cookie to be valid. This may be a
115 hostname, such as <code>www.example.com</code>, or it may be a domain,
116 such as <code>.example.com</code>. It must be at least two parts
117 separated by a dot. That is, it may not be merely <code>.com</code> or
118 <code>.net</code>. Cookies of that kind are forbidden by the cookie
120 <dd>The default value for the domain is the current domain.</dd>
123 <dd>The time for which the cookie will persist, in minutes.</dd>
124 <dd>A value of 0 indicates that the cookie will persist only for the
125 current browser session. This is the default value if none is
129 <dd>The path, on the current website, for which the cookie is valid,
130 such as <code>/customers/</code> or <code>/files/download/</code>.</dd>
131 <dd>By default, this is set to <code>/</code> - that is, the entire
135 <dd>If set to <code>secure</code>, <code>true</code>, or <code>1</code>,
136 the cookie will only be permitted to be translated via secure (https)
140 <dd>If set to <code>HttpOnly</code>, <code>true</code>, or
141 <code>1</code>, the cookie will have the <code>HttpOnly</code> flag set,
142 which means that the cookie will be inaccessible to JavaScript code on
143 browsers that support this feature.</dd>
146 <p>Several examples are offered here:</p>
149 RewriteEngine On<br />
150 RewriteRule ^/index\.html - [CO=frontdoor:yes:.apache.org:1440:/]
153 <p>In the example give, the rule doesn't rewrite the request.
154 The "-" rewrite target tells mod_rewrite to pass the request
155 through unchanged. Instead, it sets a cookie
156 called 'frontdoor' to a value of 'yes'. The cookie is valid for any host
157 in the <code>.apache.org</code> domain. It will be set to expire in 1440
158 minutes (24 hours) and will be returned for all URIs.</p>
162 <section id="flag_dpi"><title>DPI|discardpathinfo</title>
163 <p>The DPI flag causes the PATH_INFO portion of the rewritten URI to be
165 <p>This flag is available from 2.2.12</p>
166 <p>In per-directory context, the URI each <directive>RewriteRule</directive>
167 compares against is the concatenation of the current values of the URI
170 <p>The current URI can be the initial URI as requested by the client, the
171 result of a previous round of mod_rewrite processing, or the result of
172 a prior rule in the current round of mod_rewrite processing.</p>
174 <p>In contrast, the PATH_INFO that is appended to the URI before each
175 rule reflects only the value of PATH_INFO before this round of
176 mod_rewrite processing. As a consequence, if large portions
177 of the URI are matched and copied into a substitution in multiple
178 <directive>RewriteRule</directive> directives, without regard for
179 which parts of the URI came from the current PATH_INFO, the final
180 URI may have multiple copies of PATH_INFO appended to it.</p>
182 <p>Use this flag on any substitution where the PATH_INFO that resulted
183 from the previous mapping of this request to the filesystem is not of
184 interest. This flag permanently forgets the PATH_INFO established
185 before this round of mod_rewrite processing began. PATH_INFO will
186 not be recalculated until the current round of mod_rewrite processing
187 completes. Subsequent rules during this round of processing will see
188 only the direct result of substitutions, without any PATH_INFO
192 <section id="flag_e"><title>E|env</title>
193 <p>With the [E], or [env] flag, you can set the value of an environment
194 variable. Note that some environment variables may be set after the rule
195 is run, thus unsetting what you have set. See <a href="../env.html">the
196 Environment Variables document</a> for more details on how Environment
199 <p>The syntax for this flag is:</p>
205 <p><code>VAL</code> may contain backreferences (<code>$N</code> or
206 <code>%N</code>) which will be expanded.</p>
208 <p>These environment variables can then be used in a variety of
209 contexts, including CGI programs, other RewriteRule directives, or
210 CustomLog directives.</p>
212 <p>The following example sets an evironment variable called 'image' to a
213 value of '1' if the requested URI is an image file. Then, that
214 environment variable is used to exclude those requests from the access
218 RewriteRule \.(png|gif|jpg) - [E=image:1]<br />
219 CustomLog logs/access_log combined env=!image
222 <p>Note that this same effect can be obtained using <directive
223 module="mod_setenvif">SetEnvIf</directive>. This technique is offered as
224 an example, not as a recommendation.</p>
227 <section id="flag_f"><title>F|forbidden</title>
228 <p>Using the [F] flag causes Apache to return a 403 Forbidden status
229 code to the client. While the same behavior can be accomplished using
230 the <directive module="mod_access">Deny</directive> directive, this
231 allows more flexibility in assigning a Forbidden status.</p>
233 <p>The following rule will forbid <code>.exe</code> files from being
234 downloaded from your server.</p>
237 RewriteRule \.exe - [F]
240 <p>This example uses the "-" syntax for the rewrite target, which means
241 that the requested URI is not modified. There's no reason to rewrite to
242 another URI, if you're going to forbid the request.</p>
246 <section id="flag_g"><title>G|gone</title>
247 <p>The [G] flag forces Apache to return a 410 Gone status with the
248 response. This indicates that a resource used to be available, but is no
249 longer available.</p>
251 <p>As with the [F] flag, you will typically use the "-" syntax for the
252 rewrite target when using the [G] flag:</p>
255 RewriteRule oldproduct - [G,NC]
259 <section id="flag_h"><title>H|handler</title>
260 <p>Forces the resulting request to be handled with the specified
261 handler. For example, one might use this to force all files without a
262 file extension to be parsed by the php handler:</p>
265 RewriteRule !\. - [H=application/x-httpd-php]
269 The regular expression above - <code>!\.</code> - will match any request
270 that does not contain the literal <code>.</code> character.
273 <p>This can be also used to force the handler based on some conditions.
274 For example, the following snippet used in per-server context allows
275 <code>.php</code> files to be <em>displayed</em> by <code>mod_php</code>
276 if they are requested with the <code>.phps</code> extension:</p>
279 RewriteRule ^(/source/.+\.php)s$ $1 [H=application/x-httpd-php-source]
282 <p>The regular expression above - <code>^(/source/.+\.php)s$</code> - will
283 match any request that starts with <code>/source/</code> followed by 1 or
284 n characters followed by <code>.phps</code> literally. The backreference
285 $1 referrers to the captured match within parenthesis of the regular
289 <section id="flag_l"><title>L|last</title>
290 <p>The [L] flag causes <module>mod_rewrite</module> to stop processing
291 the rule set. In most contexts, this means that if the rule matches, no
292 further rules will be processed.</p>
294 <p>If you are using <directive
295 module="mod_rewrite">RewriteRule</directive> in either
296 <code>.htaccess</code> files or in
297 <directive type="section" module="core">Directory</directive> sections,
298 it is important to have some understanding of how the rules are
299 processed. The simplified form of this is that once the rules have been
300 processed, the rewritten request is handed back to the URL parsing
301 engine to do what it may with it. It is possible that as the rewritten
302 request is handled, the <code>.htaccess</code> file or
303 <directive type="section" module="core">Directory</directive> section
304 may be encountered again, and thus the ruleset may be run again from the
305 start. Most commonly this will happen if one of the rules causes a
306 redirect - either internal or external - causing the request process to
309 <p>It is therefore important, if you are using <directive
310 module="mod_rewrite">RewriteRule</directive> directives in one of these
311 contexts, that you take explicit steps to avoid rules looping, and not
312 count solely on the [L] flag to terminate execution of a series of
313 rules, as shown below.</p>
315 <p>The example given here will rewrite any request to
316 <code>index.php</code>, giving the original request as a query string
317 argument to <code>index.php</code>, however, the <directive
318 module="mod_rewrite">RewriteCond</directive> ensures that if the request
319 is already for <code>index.php</code>, the <directive
320 module="mod_rewrite">RewriteRule</directive> will be skipped.</p>
323 RewriteCond %{REQUEST_URI} !=index.php<br />
324 RewriteRule ^(.*) index.php?req=$1 [L]
328 <section id="flag_n"><title>N|next</title>
330 The [N] flag causes the ruleset to start over again from the top. Use
331 with extreme caution, as it may result in loop.
334 The [Next] flag could be used, for example, if you wished to replace a
335 certain string or letter repeatedly in a request. The example shown here
336 will replace A with B everywhere in a request, and will continue doing
337 so until there are no more As to be replaced.
341 RewriteRule (.*)A(.*) $1B$2 [N]
344 <p>You can think of this as a <code>while</code> loop: While this
345 pattern still matches (i.e., while the URI still contains an
346 <code>A</code>), perform this substitution (i.e., replace the
347 <code>A</code> with a <code>B</code>).</p>
351 <section id="flag_nc"><title>NC|nocase</title>
352 <p>Use of the [NC] flag causes the <directive
353 module="mod_rewrite">RewriteRule</directive> to be matched in a
354 case-insensitive manner. That is, it doesn't care whether letters appear
355 as upper-case or lower-case in the matched URI.</p>
357 <p>In the example below, any request for an image file will be proxied
358 to your dedicated image server. The match is case-insensitive, so that
359 <code>.jpg</code> and <code>.JPG</code> files are both acceptable, for
363 RewriteRule (.*\.(jpg|gif|png))$ http://images.example.com$1 [P,NC]
367 <section id="flag_ne"><title>NE|noescape</title>
368 <p>By default, special characters, such as <code>&</code> and
369 <code>?</code>, for example, will be converted to their hexcode
370 equivalent. Using the [NE] flag prevents that from happening.
374 RewriteRule ^/anchor/(.+) /bigpage.html#$1 [NE,R]
378 The above example will redirect <code>/anchor/xyz</code> to
379 <code>/bigpage.html#xyz</code>. Omitting the [NE] will result in the #
380 being converted to its hexcode equivalent, <code>%23</code>, which will
381 then result in a 404 Not Found error condition.
386 <section id="flag_ns"><title>NS|nosubreq</title>
387 <p>Use of the [NS] flag prevents the rule from being used on
388 subrequests. For example, a page which is included using an SSI (Server
389 Side Include) is a subrequest, and you may want to avoid rewrites
390 happening on those subrequests.</p>
393 Images, javascript files, or css files, loaded as part of an HTML page,
394 are not subrequests - the browser requests them as separate HTTP
399 <section id="flag_p"><title>P|proxy</title>
400 <p>Use of the [P] flag causes the request to be handled by
401 <module>mod_proxy</module>, and handled via a proxy request. For
402 example, if you wanted all image requests to be handled by a back-end
403 image server, you might do something like the following:</p>
406 RewriteRule (.*)\.(jpg|gif|png) http://images.example.com$1.$2 [P]
409 <p>Use of the [P] flag implies [L] - that is, the request is immediatly
410 pushed through the proxy, and any following rules will not be
415 <section id="flag_pt"><title>PT|passthrough</title>
418 The target (or substitution string) in a RewriteRule is assumed to be a
419 file path, by default. The use of the [PT] flag causes it to be treated
420 as a URI instead. That is to say, the
421 use of the [PT] flag causes the result of the <directive
422 module="mod_rewrite">RewriteRule</directive> to be passed back through
423 URL mapping, so that location-based mappings, such as <directive
424 module="mod_alias">Alias</directive>, for example, might have a chance to take
429 If, for example, you have an
430 <directive module="mod_alias">Alias</directive>
431 for /icons, and have a <directive
432 module="mod_rewrite">RewriteRule</directive> pointing there, you should
433 use the [PT] flag to ensure that the
434 <directive module="mod_alias">Alias</directive> is evaluated.
438 Alias /icons /usr/local/apache/icons<br />
439 RewriteRule /pics/(.+)\.jpg /icons/$1.gif [PT]
443 Omission of the [PT] flag in this case will cause the Alias to be
444 ignored, resulting in a 'File not found' error being returned.
449 <section id="flag_qsa"><title>QSA|qsappend</title>
451 When the replacement URI contains a query string, the default behavior
452 of <directive module="mod_rewrite">RewriteRule</directive> is to discard
453 the existing query string, and replace it with the newly generated one.
454 Using the [QSA] flag causes the query strings to be combined.
457 <p>Consider the following rule:</p>
460 RewriteRule /pages/(.+) /page.php?page=$1 [QSA]
463 <p>With the [QSA] flag, a request for <code>/pages/123?one=two</code> will be
464 mapped to <code>/page.php?page=123&one=two</code>. Without the [QSA]
465 flag, that same request will be mapped to
466 <code>/page.php?page=123</code> - that is, the existing query string
471 <section id="flag_qsd"><title>QSD|qsdiscard</title>
473 When the requested URI contains a query string, and the target URI does
474 not, the default behavior of <directive
475 module="mod_rewrite">RewriteRule</directive> is to copy that query
476 string to the target URI. Using the [QSD] flag causes the query string
481 Using [QSD] and [QSA] together will result in [QSD] taking preference.
485 If the target URI has a query string, the default behavior will be
486 observed - that is, the original query string will be discarded and
487 replaced with the query string in the <code>RewriteRule</code> target
493 <section id="flag_r"><title>R|redirect</title>
495 Use of the [R] flag causes a HTTP redirect to be issued to the browser.
496 If a fully-qualified URL is specified (that is, including
497 <code>http://servername/</code>) then a redirect will be issued to that
498 location. Otherwise, the current servername will be used to generate the
499 URL sent with the redirect.
503 <em>Any</em> status code may be specified, that is a valid HTTP Response,
504 with a 302 status code being used by default if none is specified.
508 You will almost always want to use [R] in conjunction with [L] (that is,
509 use [R,L]) because on its own, the [R] flag prepends
510 <code>http://thishost[:thisport]</code> to the URI, but then passes this
511 on to the next rule in the ruleset, which can often result in 'Invalid
512 URI in request' warnings.
517 <section id="flag_s"><title>S|skip</title>
518 <p>The [S] flag is used to skip rules that you don't want to run. This
519 can be thought of as a <code>goto</code> statement in your rewrite
520 ruleset. In the following example, we only want to run the <directive
521 module="mod_rewrite">RewriteRule</directive> if the requested URI
522 doesn't correspond with an actual file.</p>
525 # Is the request for a non-existent file?<br />
526 RewriteCond %{REQUEST_FILENAME} !-f<br />
527 RewriteCond %{REQUEST_FILENAME} !-d<br />
528 # If so, skip these two RewriteRules<br />
529 RewriteRule .? - [S=2]<br />
531 RewriteRule (.*\.gif) images.php?$1<br />
532 RewriteRule (.*\.html) docs.php?$1
535 <p>This technique is useful because a <directive
536 module="mod_rewrite">RewriteCond</directive> only applies to the
537 <directive module="mod_rewrite">RewriteRule</directive> immediately
538 following it. Thus, if you want to make a <code>RewriteCond</code> apply
539 to several <code>RewriteRule</code>s, one possible technique is to
540 negate those conditions and use a [Skip] flag.</p>
544 <section id="flag_t"><title>T|type</title>
545 <p>Sets the MIME type with which the resulting response will be
546 sent. This has the same effect as the <directive
547 module="mod_mime">AddType</directive> directive.</p>
549 <p>For example, you might use the following technique to serve Perl
550 source code as plain text, if requested in a particular way:</p>
553 # Serve .pl files as plain text<br />
554 RewriteRule \.pl$ - [T=text/plain]
557 <p>Or, perhaps, if you have a camera that produces jpeg images without
558 file extensions, you could force those images to be served with the
559 correct MIME type by virtue of their file names:</p>
562 # Files with 'IMG' in the name are jpg images.<br />
563 RewriteRule IMG - [T=image/jpg]
566 <p>Please note that this is a trivial example, and could be better done
567 using <directive type="section" module="core">FilesMatch</directive>
568 instead. Always consider the alternate
569 solutions to a problem before resorting to rewrite, which will
570 invariably be a less efficient solution than the alternatives.</p>