25 Years of Programming
An open source source for C, C++, OWL, BASIC, MDB, XLS, DOT, and more...
How to close your website for maintenance with Apache .htaccess
You should, and almost always can, perform routine maintenance on your site without closing it down, but people sometimes ask how to take a site offline, so here are several methods.
Only an emergency justifies taking a site offline, but if your site was hacked and contains extremely offensive material or viruses, closing it while you repair it will help protect your visitors, prevent offensive content from getting indexed under your site's name, and can prevent your pages from getting flagged with "This site may harm your computer" in Google search results. If you were hacked, see also Step By Step Repair After A Website Hack.
All the methods below close the site to normal HTTP browser and crawler traffic, but you will be able to use your control panel and FTP, and your FTP users will have access, too. Four of the methods are easily customized so that you as the owner are allowed to access the site normally, while everybody else is redirected to the maintenance page or blocked.
The time your site is closed should be kept to the absolute minimum required to make it safe.
Your current IP address
There are several places below where example IP addresses are shown. Before using any of the code that refers to an IP address, be sure to change the example digits to the digits of your own IP address. The expressions containing the example IP addresses have backslashes in them. Change only the digits. Leave the backslashes in.
Your IP address right now appears to be: 220.127.116.11
If you have a high-speed broadband internet connection, your IP address is always the same. With a dial-up telephone connection, your IP address is different every time you connect to the internet, so while you're working on this project it will be necessary to keep your .htaccess code updated so it always matches whatever your current IP is.
All the methods involve manually editing your Apache .htaccess file, so you need to know how to do that (Method #4, below, has the details).
Before making any changes to .htaccess, save a copy of the original so you can put it back if necessary.
Modifying .htaccess manually is least likely to cause problematic side-effects IF:
If you do use the FrontPage Extensions or cPanel Hotlink Protection, the relatively simple procedures below are more complicated and must be done with great care. Both programs make automated modifications to .htaccess, and each of them "thinks" it owns .htaccess. The two programs can interfere with each other, and your manual edits to .htaccess can make either or both of them think the file is corrupted, for reasons described in a previous article. Putting back the original .htaccess should be sufficient to restore Hotlink Protection to the way it was, but that might or might not completely restore the Extensions. It might be necessary to uninstall and reinstall them, which can have complications of its own.
Try to avoid FrontPage Extensions conflicts
Before editing .htaccess manually, you can use FrontPage the usual way to upload any new files you'll need (maintenance.php, for example, as described later). After the needed files are in place, close FrontPage and do not use it to connect to your site in any way whatever while you modify and use your new .htaccess. Don't connect with FrontPage again until you've put back the original .htaccess.
Try to avoid cPanel Hotlink Protection conflicts
To reduce the chances of corrupting .htaccess:
1) Simplest, almost-best method: send plain text status code 503 - Service Unavailable
This method, because of its simplicity, is easy to install and therefore preferable for most webmasters, especially if you are in a hurry. It sends an HTTP response code of "503 - Service Unavailable" which tells search engines that this is a temporary problem.
This method only has two drawbacks, both minor:
Put the following code lines in your .htaccess file and customize the highlighted text as appropriate:
ErrorDocument 503 "Our website
closed for maintenance. It should reopen by..."
The ErrorDocument line specifies that the error document for a 503 response will be the one line of plain text inside the quotation marks. Keep the text line short. 80 characters should be safe. 128 might be ok. There is a maximum length, but I don't remember what it was when I exceeded it once, or whether the maximum is the same in all Apache versions.
The RewriteCond line says that if the request did not come from your IP address (the ! means "not"), the RewriteRule will apply and the site will be reported as closed. But if the request did come from your IP address, the RewriteRule will not apply, so the site will function normally for you.
The RewriteRule line says that no matter what page was requested, send a 503 response along with the default "error document" specified a few lines earlier.
2) Best method: Rewrite to return status code 503 - Service Unavailable
This method rewrites the incoming request to a PHP file that returns the 503 response code and tells search engine crawlers how long to wait before trying again, which is the main advantage of using this method. The text on the informational page can be formatted however you want, to inform human visitors what the problem is.
Example code for maintenance.php or maintenance.html
Here is a maintenance.php you can use for method #2 above. The first line that says <?php must be at the very top of the file, with nothing, not even a blank line, above it.
Retry-After tells robots how long to wait (in seconds) before trying again. It is set here to 48 hours to allow for cleaning up a badly damaged website.
You can also use this text as maintenance.html for method #3 below. Just leave out the top 5 lines in yellow (the PHP code).
3) Third-best way to take your site offline: 307 redirect
This method uses a code 307 redirect to serve a "Site Closed for Maintenance" page instead of whatever page was requested. The 307 tells search engine crawlers that this is a temporary condition, and the text on the page informs visitors what the problem is.
If you are not able to use PHP required by method #2, this is an alternative. Its disadvantage is that you cannot specify a Retry-After time interval.
It is basically the same procedure as for Method #2:
This method uses two simple lines of .htaccess code to deny web access. Anyone requesting a file gets a "403 - Forbidden" error page instead. It is very fast. It can be installed in 1-2 minutes, but it is bad because it will confuse visitors and you might lose search engine ranking or indexing for pages that are crawled during the downtime. However, you could use this method briefly during the time it takes to set up and install one of the others.
The drawbacks are:
To reopen your site, remove the two .htaccess lines you added.
In addition to the purpose described here (closing the whole site), this method is useful wherever you need to make an individual folder inaccessible by web. Just put an .htaccess file with the above 2 lines in the folder you want to close.
.htaccess configurations apply to the folder where .htaccess is located and all its subdirectories. That is why, when you put this code in your top level public_html/.htaccess, it closes the entire site.
5) Fast and flexible method - deny everybody except yourself
This variation of #4 above allows you to access your site normally, but turns away everybody else.
# AN ALTERNATIVE THAT ALLOWS ONLY YOUR IP ADDRESS
You can ask questions and get assistance in the forum.
Copyright ©2012 Steven Whitney. Last modified Sun 07/29/2012 10:52:43 -0700.