# Apache: .htaccess & mod_rewrite problems

## luddite

I'm trying to use mod_rewrite in an Apache .htaccess file to provide a unique index.html page for one specific user.  For reasons that are unclear, I can't get it to work.  It appears that my Apache2 installation is not performing any mod_rewrites.  Is this module included in the default Apache installation on Gentoo?  Do I have to do something unusual to turn it on?

I'm using the following code in an attempt to re-define my web site's default welcome page for one specific user:

```
htdocs # cat .htaccess

Options +FollowSymLinks

RewriteEngine On

RewriteCond %{REMOTE_ADDR} ^192\.168\.5\.220$

RewriteRule ^/index\.html$ /custom.html [L]
```

When a user logs onto the server from the 192.168.5.220 IP address and asks for the index.html file, Apache serves up the index.html file and not the custom.html file.

(the real IP has been substituted for 192.168.5.220 in the example.)

Here is the pertinent section from /etc/apache2/httpd.conf:

```
#

# Mappers

#

# These Modules provide URL mappings or translations.

LoadModule alias_module                  modules/mod_alias.so

LoadModule rewrite_module                modules/mod_rewrite.so

<IfDefine USERDIR>

    LoadModule userdir_module            modules/mod_userdir.so

</IfDefine>

...

```

net-www/apache-2.0.55-r1

Any insights would be appreciated.  TIA.

----------

## Janne Pikkarainen

I guess Apache does not allow you to change Options settings in .htaccess files by default. Maybe even rewrite rules are not allowed by default. For that you need to change AllowOverride directive in httpd.conf.

But if you need to make the change only for one user, it maybe is not wise to change httpd.conf just because of that -- allowing too settings to be changed via .htaccess is a security hazard.  If I were you, I'd put a separate <Directory> for that user in httpd.conf and put rewrite rule there.

----------

## luddite

Any ideas why making this change in httpd.conf would not fix the problem?  FWIW I did restart the daemon.

```

#

# Each directory to which Apache has access can be configured with respect

# to which services and features are allowed and/or disabled in that

# directory (and its subdirectories).

#

# First, we configure the "default" to be a very restrictive set of

# features.

#

<Directory />

    Options FollowSymLinks

    #AllowOverride None

    AllowOverride All

</Directory>

```

----------

## Janne Pikkarainen

Oh no! Please don't do that. Do not ever, ever make the default settings for the root directory (/) less secure! Now what happened is that every single directory EXCEPT your actual document root is less secure than before. 

Instead, if your special case user is located in /home/joeuser/public_html, put this to httpd.conf if you really need to allow more powerful .htaccess files:

```
<Directory /home/joeuser/public_html>

    Options AllowOverride All

</Directory>
```

And if you just need to fine-tune that user, put this to httpd.conf

```
<Directory /home/joeuser/public_html>

    Options +FollowSymLinks

</Directory>

RewriteEngine On 

RewriteCond %{REMOTE_ADDR} ^192\.168\.5\.220$ 

RewriteRule ^/index\.html$ /custom.html [L]

```

----------

## luddite

Thanks for the security tip.  I understand the rationale not to do that, but I have to admit that I am not excessively worried about it at the moment because mod_rewrite still does not work in ANY directory.

It appears that at least one condition that is necessary to enable mod_rewrite on Apache2 on a Gentoo box remains missing. I understand that Gentoo's apache implementation differs significantly from the official Apache installation, which renders the Apache doc page at apache.org less than totally helpufl.  Are you sure that nothing else that is unique to Gentoo is required to enable mod_rewrite on a Gentoo box?

----------

## Janne Pikkarainen

Yes, I'm using mod_rewrite all the time without any problems. No extra steps other than making sure that mod_rewrite is loaded with LoadModule and starting the engine with RewriteEngine On are needed.

Have you tried put 

```
RewriteLogLevel 2

RewriteLog /var/log/apache2/rewrite.log
```

to httpd.conf to see if mod_rewrite is doing anything and if it is, where it goes wrong? Log level 2 is a good starting point, and you may increase it up to 9 to pump up the verbosity.

----------

## luddite

 *Janne Pikkarainen wrote:*   

> Yes, I'm using mod_rewrite all the time without any problems. No extra steps other than making sure that mod_rewrite is loaded with LoadModule and starting the engine with RewriteEngine On are needed.
> 
> Have you tried put 
> 
> ```
> ...

 

OK, I'm not sure where you're suggesting that I should put the RewriteLog commands, so I'm guessing that you would put them here:

```
#

# Mappers

#

# These Modules provide URL mappings or translations.

LoadModule alias_module                  modules/mod_alias.so

LoadModule rewrite_module                modules/mod_rewrite.so

RewriteLogLevel 9

RewriteLog /var/log/apache2/rewrite.log

<IfDefine USERDIR>

    LoadModule userdir_module            modules/mod_userdir.so

</IfDefine>
```

There is no logging activity.  I have created a ZLF in the log directory with the same permissions as the other log files that are functioning properly.  I continue to think that mod_rewrite has never been successfully enabled.  Is it necessary to make any changes to /etc/apache2/vhosts.d/00_default_vhost.conf?

----------

## MaBu-Gentoo

Thanks to you I have mod_rewrite working. I just add my folder with Allow oweride All to /etc/apache2/vhosts.d/00_default_vhost.conf . thanks again I almost gave up.

```

    <Directory "/var/www/localhost/htdocs/bugsopen">

        AllowOverride All

    </Directory>

```

right above 

```
  <Directory "/var/www/localhost/htdocs">
```

----------

## borge

I've tried to get my RewriteRules to work for a while with no succes. 

On my development box, in /etc/apache2/httpd.conf, beeing lazy I first tried to go with:

```

<Directory /> 

     Options FollowSymLinks 

     AllowOverride All 

 </Directory>

```

In /var/www/localhost/htdocs/my.site.com/.htaccess I had the following:

```

RewriteEngine On 

RewriteRule foo.html bar.html [L]

```

Pointing my brower to  http://127.0.0.1/my.site.com/foo.html gave me:

```

The requested URL /my.site.com/foo.html was not found on this server.

```

Ok, the rewriting does not work...

After reading this forum thread, I've use per-directory-directives in my /etc/apache2/httpd.conf:

```

<Directory /var/www/localhost/htdocs/my.site.com>

   AllowOverride All

</Directory>

```

And now the rewrite rule works and pointing my brower to  http://127.0.0.1/my.site.com/foo.html gives me:

```

The requested URL /my.site.com/bar.html was not found on this server.

```

And yes, now the rewrite works  :Very Happy: 

I note that for this simple rewrite to work, I only need the AllowOverride All and not the Options FollowSymLinks.

I have to do more reading on configuring Apache to understand why I must put the AllowOverride All in a per-sub-directory-directive inside httpd.conf   and not in a root-directory-directive <Directory />bla. bla </Directroy> I guess it has to do with restrictions as part of enhancing the security.

----------

