Introduction

In this tutorial, we'll examine two topics simultaneously: Mod_rewrite and Mod_Security. Both will become necessary as you advance as a PHP developer, and you'll need to use them in your web applications. You can learn a lot about Mod_rewrite and Mod_Security by reading this lesson, and it will also broaden your understanding of what Mod rewrite is capable of. The mod rewrite module is an Apache engine that rewrites URLs according to rules. Several applications rely on it for functionality like proxy fetching and page redirection. Let's get right into this tutorial without wasting much time!

Prerequisites

Below are the things you need to get ready before you can use Mod rewrite and Mod security in PHP.

First, you will need to have Apache installed on your server and Mod rewrite enabled.

You will need to have access to the Apache configuration files, which are located in the /etc/httpd/conf or /etc/apache2/ directory on a Linux server. But if you're using XAMPP, you can find the Apache configuration file in C:\xampp\apache\conf\original, etc. Note that the Apache configuration file contains the settings for both Mod rewrite and Mod security.

You will also need to make sure that the AllowOverride All directive is set for the directory where you want to use it. If it is set to AllowOverride None, mod_rewrite won't work.

Finally, you will need to create a .htaccess file in the directory where you want to use mod_rewrite and include the rewrite rules in this file.

What Is Mod_Rewrite?

mod_rewrite is an Apache module that allows you to rewrite URLs cleanly and flexibly. It can perform various tasks, such as redirecting requests to a different page, allowing you to use shorter and more user-friendly URLs, and more. Note that another name for Mod_rewrite is the Rewrite module.

What Is Mod_Security?

mod_security, also known as ModSecurity, is an Apache module that protects against a range of web-based attacks. It can be used to block malicious requests, filter input, and log activity for further analysis.
ModSecurity can help protect your website from a variety of threats, including cross-site scripting (XSS) attacks, SQL injection attacks, and more.

How to Set Up Mod_Rewrite And Mod_Security

In the following sections, we will discuss how to set up mod rewrite and mod security. You must have access to the Apache configuration files on your web server to configure mod_rewrite and mod_security in a PHP project. Although they are often pre-installed with Apache, these modules might not always be active. You may activate and set them up as follows:

1. Launch a text editor, and open the httpd.conf or apache2.conf configuration file for Apache.
2. Search for the mod_rewrite LoadModule directive. Remove the # character to uncomment it if it is commented out (i.e., is preceded by a # character). The mod_rewrite module will then be enabled.
3. Search for the mod security LoadModule directive. Remove the # to uncomment it if it has been commented out. With this, the mod_security module will be enabled.
4. To make the changes effective, save the configuration file and restart Apache.

To utilize mod_rewrite in your PHP project, you must create a .htaccess file in the project's root directory. The RewriteRule directives in this file define the URL rewriting rules for your project.

To utilize mod_security, you must write a configuration file (often called mod_security.conf) that details the security policies for your project. The Apache configuration directory should contain this file (often /etc/apache2/ on Ubuntu or /etc/httpd/ on CentOS).

How You Can Use Mod_Rewrite and Mod_security

Two Apache modules, mod rewrite and mod security, can be combined to improve a website's functionality and security.

Mod rewrite is an effective tool for changing URLs and rerouting traffic. Incoming requests may be redirected to various pages using it, URLs can be masked to make them more user-friendly, and it can even stop some attacks by denying requests that include harmful characters.
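The two files described in the setup steps above, filled in as an added example (not the author's own configuration): an .htaccess that denies requests containing < or >, redirects an outdated URL and maps a friendly URL, and a mod_security.conf written for ModSecurity 2.x that starts in detection-only mode. The file names old-page.php, new-page.php and article.php, the address range and the rule ids are constructed for illustration.

```apache
# ---- .htaccess in the project root (requires AllowOverride All) ----
RewriteEngine On

# Deny requests whose query string contains < or >, raw or percent-encoded.
# Placed first so it is evaluated before any rule that ends with [L].
RewriteCond %{QUERY_STRING} (<|>|%3C|%3E) [NC]
RewriteRule ^ - [F]

# Route traffic from an outdated URL to its replacement (permanent redirect).
# old-page.php and new-page.php are constructed names.
RewriteRule ^old-page\.php$ /new-page.php [R=301,L]

# User-friendly URL: /article/42 is served internally by article.php?id=42.
# article.php is a constructed name.
RewriteRule ^article/([0-9]+)/?$ article.php?id=$1 [L,QSA]

# ---- mod_security.conf in the Apache configuration directory ----
<IfModule security2_module>
    # Log what would be blocked without blocking it, so rules that match
    # legitimate traffic can be found before enforcement is set to "On".
    SecRuleEngine DetectionOnly
    SecRequestBodyAccess On

    # Requests from an address range treated as hostile.
    # 203.0.113.0/24 is a documentation range used as a placeholder.
    SecRule REMOTE_ADDR "@ipMatch 203.0.113.0/24" \
        "id:1001,phase:1,deny,status:403,log,msg:'Blocked address range'"

    # SQL injection and XSS patterns in any request parameter.
    SecRule ARGS "@detectSQLi" \
        "id:1002,phase:2,deny,status:403,log,msg:'SQL injection pattern'"
    SecRule ARGS "@detectXSS" \
        "id:1003,phase:2,deny,status:403,log,msg:'XSS pattern'"
</IfModule>
```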
Mod rewrite, for instance, may be used to route all traffic from an outdated URL to a new one or to route all requests for a page that isn't there to a unique 404 error page. Additionally, you may use it to redirect requests to a different URL or to prohibit particular requests that follow a specific pattern.

Mod security, on the other hand, is a web application firewall that may be used to stop dangerous requests before they even reach your website. It may be set up to recognize and stop frequent attack types, including SQL injection and cross-site scripting (XSS) attacks.

For instance, you may use mod security to stop all requests coming from IP addresses or ranges that are known to be used by attackers, or to stop all requests that include specific terms or patterns that are linked to harmful attacks.

When combined, mod rewrite and mod security can assist you in building a strong, secure website that is better equipped to fend off threats and improve user experience.

But keep in mind that setting up mod security to stop all fraudulent requests is a difficult operation, and it is simple to err. As a result, it can wind up blocking traffic from genuine sources or valid requests. It's better to get advice from an expert if you don't know how to accomplish this.

How to Check if Mod_Rewrite Is Enabled in the PHP You're Using

There is a built-in function in PHP called phpinfo. This function allows us to print all currently loaded modules and check whether or not mod_rewrite is enabled.

Note that XAMPP is the local server in use here.

1. Write the following code in the check.php file (you can call your file whatever name you wish). Create it in the **c:/xampp/htdocs** directory, and then save the file.

    <?php
    phpinfo(); // prints the report itself, so no echo is needed

Writing out the snippet above in the code editor you have opened for this project is the first step in checking whether the **mod_rewrite** module is enabled in your PHP setup.

2. Now, launch the XAMPP Control Panel, and start the Apache server.

3. Open a web browser of your choice, and enter the URL localhost/check.php. It will show information about the PHP version and the configuration of Apache.

You will see your version of PHP after the PHP info has been printed by your code. When you scroll down, you will find a section called configuration with a sub-heading **apache2handler**.

Note that the configuration section contains a lot of essential tools in PHP. The **Mod** in **Mod_rewrite** means Modules, and PHP has a lot of inbuilt modules loaded inside of it. But what we will be looking at is **mod_rewrite**.

You can find mod_rewrite in the configuration section: it is listed among the loaded modules.

The steps above are one of the easiest ways to check if PHP mod_rewrite is enabled in the version of PHP you're using.

How You Can Turn Mod_Rewrite and Mod_security On/Off From Your .htaccess File

Most developers don't know that you can turn mod_rewrite off and on; some may know but don't know the particular place that enables you to turn your mod_rewrite and mod_security on/off. The answer is the .htaccess file: it is what enables you to turn your mod_rewrite and mod_security on/off.

Note that mod_rewrite and mod_security may be enabled and disabled in your .htaccess file by adding or removing particular lines of code.

Add the following line to your .htaccess file to enable mod rewrite:

    RewriteEngine On

To turn off mod_rewrite, add the following line to your .htaccess file:

    RewriteEngine Off

Mod security cannot be turned on or off at will; instead, this must be done in the Apache server configuration. However, you may customize various rules and settings in your .htaccess file, such as turning off specific rules or changing how they behave:

    SecRuleEngine Off

This will turn off the rule engine for mod_security so that no rules will be enforced. And to turn it back on:

    SecRuleEngine On

It is worth noting that it is highly recommended not to turn off mod_security in a production environment, as it can leave your website vulnerable to attacks. Instead, you should carefully configure the rules to match your specific needs.

Also, you may need to restart the Apache server for the changes to take effect.

Conclusion

The end of this tutorial is here. Hopefully, you've learned a lot from it. So far, we've learned a lot of things about PHP mod_rewrite and mod_security. We now know how to set up mod_rewrite and mod_security and how to use them. We've also learned how to check if mod_rewrite is enabled in your PHP version, and we saw how we can turn Mod_rewrite and Mod_security on/off from our .htaccess file.

You're free to drop a comment! And please follow me for more tutorials.

Till next time, have a wonderful day!

About The Author

Emmanuel Okolie is a full-stack Laravel developer with 2+ years of experience in the software development industry. He has developed full-blown skills in combining software development, writing, and teaching others what he does. His stacks include JavaScript, PHP, ReactJs, Laravel, and more.

He is currently freelancing, building websites for clients, and writing technical tutorials teaching others how to do what he does.

Emmanuel Okolie is open and available to hear from you. Kindly visit and follow him on Linked-In, Facebook, Github, Twitter, or his Website.