January 09, 2008

How To Redirect Users To an Updating Page When Modifying Your Website

One of the problems with uploading a new version of any website or web application is that there's always the chance that a user will come along just at the wrong time and try to access something. At best they'll see things in a not-quite-perfect state; at worst they could corrupt the site or break something (although if the user can't modify anything about the site then that's unlikely).

Luckily, if you're using Apache as your webserver and if you (or your ISP) has installed mod_rewrite then there's an easy way to stop this from happening.

The Technique

Basically, we tell mod_rewrite to redirect anyone who isn't us to an "update in progress" page. This means that everyone else sees a page explaining that the website is being updated, and you get to use use it and test it out as if it was live. Then when you're happy that it's all working, you can remove the mod_rewrite rules and let everyone in.

As mod_rewrite isn't the easiest of modules to get to grips with, I've written a little script to help generate the rules.

If you go the rule generator page it will give you a set of rules to copy into the .htaccess file on your website when you want to restrict access.

When they're added, only your computer (identified by its IP address) will be able to see the normal webiste. Everyone else will be redirected to "http://yourwebsite.com/updateinprogress/", so you'll need to upload a suitable "please be patient, we're upgrading the website" page into an "updateinprogress" folder on your website. Here's an example that I use when tedium is being updated.

Remember to make sure than any files linked from the update page are also in the "updateinprogress" folder - so that's any images, external CSS or javascript, etc. - because otherwise they'll be redirected and won't work.

Obviously, you need to remember to remove the mod_rewrite rules from your .htaccess when you're finished uploading your new site. It isn't immediately obvious that they're still there, because you'll be shown the real site - and yes, I have forgotten to do this myself before today...


Unfortunately, using the IP address to decide who should have access isn't perfect because some ISPs stick everyone behind NAT or force you through a transparent proxy.

The rule generator should cope with a transparent proxy, but I haven't been able to test it as I'm no longer forced to use one.

And if the IP address given in the first RewriteCond doesn't match the one you get from running ipconfig (if you're on Windows, from a command prompt) or ifconfig (on Linux) then there's NAT in the way. If that's the case, then anyone else using the same NAT will also be able to see your "real" website too. I've included an optional user-agent check which will restrict things a bit more, but again isn't perfect.

If you're using a broadband router for your Internet connection then that's probably doing NAT too, so check the router's IP address as well as running ipconfig or ifconfig. If the router's IP address matches the one given in the RewriteCond then you don't have to worry about NAT.

Hopefully that all makes sense. If anyone has any questions, or suggestions for better ways to work out who should and shouldn't be redirected, then leave a comment.


Posted by Adrian at January 9, 2008 12:15 PM | TrackBack

This blog post is on the personal blog of Adrian McEwen. If you want to explore the site a bit further, it might be worth having a look at the most recent entries or look through the archives or categories over on the left.

You can receive updates whenever a new post is written by subscribing to the recent posts RSS feed or

Post a comment

Remember personal info?

Note: I'm running the MT-Keystrokes plugin to filter out spam comments, which unfortunately means you have to have Javascript turned on to be able to comment.