Our Blog

Latest news and updates from HostingXtreme

How to lock your website down for maintenance with Apache .htaccess

Posted by at HostingXtreme on Comments Off on How to lock your website down for maintenance with Apache .htaccess

if your site was hacked and contains extremely offensive material or viruses, closing it while you repair it will help protect your visitors, prevent offensive content from getting indexed under your site’s name, and can prevent your pages from getting flagged with “This site may harm your computer” in Google search results.

  • Close your website to normal HTTP browser and crawler traffic
  • You will be able to use your control panel and FTP, and your FTP users will have access, too.
  • You as the owner are allowed to access the site normally, while everybody else is redirected to the maintenance page or blocked
  • The time your site is closed should be kept to the absolute minimum required to make it safe.
  • The methods that send HTTP response codes of 503 (the best) or 307 (an acceptable alternative) are recommended by Google.

Put the following code lines in your .htaccess file and customize the highlighted text as appropriate:

ErrorDocument 503 "Our website is temporarily closed for maintenance. It should reopen by 12/12/2012"
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^111.222.333.444$
RewriteRule .* - [R=503,L]

The ErrorDocument line specifies that the error document for a 503 response will be the one line of plain text inside the quotation marks. Keep the text line short. 80 characters should be safe. 128 might be ok. There is a maximum length, but I don’t remember what it was when I exceeded it once, or whether the maximum is the same in all Apache versions.

The RewriteCond line says that if the request did not come from your IP address (the ! means “not”), the RewriteRule will apply and the site will be reported as closed. But if the request did come from your IP address, the RewriteRule will not apply, so the site will function normally for you.

The RewriteRule line says that no matter what page was requested, send a 503 response along with the default “error document” specified a few lines earlier.

Source: 25 years of programming

Comments are closed.