In this tutorial, we'll examine two topics simultaneously. Mod_rewrite and Mod_Security will become necessary as you advance as a PHP developer, and you'll need to use them on your web applications.
You can learn a lot about Mod_rewrite and Mod_Security by reading this lesson, and it will also broaden your understanding of what Mod rewrite is capable of. The mod rewrite module is an Apache engine that rewrites URLs according to rules. Several apps have functionality like proxy fetching and page redirection.
Let's get right into this tutorial without wasting much time!
Below are the things you need to get ready before you can use Mod rewrite and Mod security in php.
First, you will need to have Apache installed in your server and Mod rewrite enabled
You will need to have access to the Apache Configuration files, which are located in the
/etc/apache2/directory on a Linux Server. But if you’re using Xammp you can find the Apache Configuration file like this
C:\xampp\apache\conf\originaletc. Note, the Apache Configuration file contains both Mod rewrite and Mod security.
You will also need to make sure that the
AllowOverridedirective is set to
Allfor the directory where you want to use
AllowOverrideis set to
Nonethe mod_rewrite Won’t work.
Finally, you will need to create a
.htaccessfile in the directory where you want to use
mod_rewriteand include the rewrite rules in this file.
mod_rewrite is an Apache module that allows you to rewrite URLs cleanly and flexibly. It can perform various tasks, such as redirecting requests to a different page, allowing you to use shorter and more user-friendly URLs, and more. Note, another name for the Mod_rewrite is the Rewrite module
mod_security, also known as ModSecurity, is an Apache module that protects a range of web-based attacks. It can be used to block malicious requests, filter input, and log activity for further analysis. ModSecurity can help protect your website from a variety of threats, including cross-site scripting (XSS) attacks, SQL injection attacks, and more.
In the following sections, we will discuss how to set up mod rewrite and mod security.
You must have access to the Apache configuration files on your web server to configure
mod_security in a PHP project. Although they are often pre-installed with Apache, certain modules might not always be active. You may activate and set up these modules as follows:
Launch a text editor and open the
apache2.confconfiguration file for Apache.
LoadModuledirective. Remove the
#character to uncomment it if it is commented out (i.e., is preceded by a
mod_rewritemodule will then be enabled.
LoadModuledirective. Remove the
#to uncomment it if it has been commented out. With this, the
mod_securitymodule will be enabled.
To make the changes effective, save the configuration file and restart Apache.
mod_rewritein your PHP project, you must create a
.htaccessfile in the project's root directory. The
RewriteRuledirectives in this file define the URL rewriting rules for your project.
You must write a configuration file (often called
mod security.conf) that details the security policies for your project to utilize
mod_security. The Apache configuration directory should contain this file (often
/etc/apache2/on Ubuntu or
Two Apache modules, mod rewrite and mod security, can be combined to improve a website's functionality and security.
An effective tool for changing URLs and rerouting traffic is mod rewrite. Incoming requests may be redirected to various pages using it, URLs can be masked to make them more user-friendly, and it can even stop some attacks by denying requests that include harmful characters.
Mod rewrite, for instance, may be used to route all traffic from an outdated URL to a new one or to route all requests for a page that isn't there to a unique 404 error page.
Additionally, you may use it to redirect requests to a different URL or to prohibit particular requests that follow a specific pattern.
A web application firewall called mod security, on the other hand, may be used to stop dangerous requests before they even reach your website. It may be set up to recognize and stop frequent attack types including SQL injection and cross-site scripting (XSS) assaults.
For instance, you may use mod security to stop all requests from coming from IP addresses or ranges that are known to be used by attackers, or to stop all requests that include specific terms or patterns that are linked to harmful attacks.
When combined, mod rewrite and mod security can assist you in building a strong, secure website that is better equipped to fend off threats and improve user experience. But keep in mind that setting mod security to stop all fraudulent requests is a difficult operation, and it is simple to err. As a result, it can wind up blocking traffic from genuine sources or valid requests. It's better to get advice from an expert if you don't know how to accomplish this.
There is a built-in function in PHP called
phpinfo. This function allows us to print all currently loaded modules and check whether or not
mod_rewrite is enabled.
- Note that XAMPP is the local server in use here.
Write the following code in the
check.php file (You can Call your file whatever name you wish). you just created it in the
**c:/xampp/htdocs** directory, then save the file.
<?php echo phpinfo(); ?>
The process above will help you check if the
**mod_rewrite** load module is enabled or not in your PHP version, by writing out the code snippet above in your Code editor opened for this project.
You will see your version of PHP after the PHP info has been echoed in your code. and when you scroll down you will section a section called configuration with a sub-heading
Note, the configuration section contains a lot of essential tools in PHP. The
**Mod_rewrite** means Modules, and PHP has a lot of Inbuild modules loaded inside of it. But What we will be looking at is the
**mod_rewrite**. Below is where you can find the mod_rewrite in the configuration section.
The highlighted text is the mod_rewrite and it’s installed inside the loaded modules under configuration section. The steps above is one of the most easy way to check if php mod_rewrite is is enabled in the version of PHP you’re using.
Most developers don’t know that you can Turn Mod_rewrite off and on, some may know but don’t know the particular place that enables you to turn your mod_rewrite and mod_security on/off. I have an answer that will be of help to you which is the .htaccess file is what enables you to turn on/off your mod_rewrite and mod_security. Note, mod_rewrite and mod_security may be enabled and disabled in your .htaccess file by adding or removing particular lines of code.
Add the following code to your .htaccess file to enable mod rewrite:
To turn off mod_rewrite, add the following line to your .htaccess file:
Mod security cannot be turned on or off at will; instead, this must be done in the Apache Server Configuration. However, you may customize various rules and settings in your.htaccess file, such as turning off specific rules or changing how they behave:
This will turn off the rule engine for mod_security so that no rules will be enforced. And to turn it back on
It is worth noting that it is highly recommended to not turn off mod_security in a production environment as it can leave your website vulnerable to attacks. Instead, you should carefully configure the rules to match your specific needs.
Also you may need to restart the Apache server for the changes to take effect.
The end of this Tutorial is here hopefully, you’ve learned so much from this tutorial. So far we’ve learned a lot of things about PHP mod_rewrite and mod_security.
We’ve known that we can set up mod_rewrite and mod_security and how to use it. We’ve also learned how to check if mod_rewrite is enabled in your PHP version.
And we also saw how we can turn Mod_rewrite and Mod_security on/off from our .htaccess file you’re free to drop a comment! And pls follow me for more tutorials.
Till next time, have a wonderful day!
Emmanuel Okolie is a full-stack laravel developer with
2+ years of experience in the software development industry.
He has grown full-blown skills in combining Software Development, Writing, and Teaching others what he does. His stacks include
Laravel, and more.
He is currently freelancing, building websites for clients, and writing technical tutorials teaching others how to do what he does.