WP-Mix

A fresh mix of code snippets and tutorials

Redirect HTTP to PHP via .htaccess

Here is how to redirect specific URL requests to a PHP script for further processing, etc. Very useful for monitoring HTTP activity, logging errors, and more.

An example..

Let’s say that I want to receive an email every time something requests anything “evil” from the server. Using .htaccess, it’s easy to block all “evil” requests, but anything more than that is not possible. For example, we can’t use .htaccess to send an email or do anything else with the request, but we can redirect “evil” requests to a PHP script and further process from there. Here’s the basic technique..

Step 1: .htaccess

There are two steps required for this technique. First we need some .htaccess to “capture” and redirect the target HTTP activity to our PHP script. Here are some examples of .htaccess directives used to redirect different types of requests:

A) Redirect errors redirect errors such as 404, 403, 500, and so forth:

ErrorDocument 403 /log.php

B) Redirect specific URLs such as a blackhole trap for bad bots:

<IfModule mod_alias.c>
	RedirectMatch 301 /blackhole http://example.com/log.php?blackhole
</IfModule>

Notice that you can append a query string to the destination URL, which will then be available to you in the PHP script.

C) Redirect specific types of requests based on stuff like REQUEST_URI, REQUEST_METHOD, and HTTP_REFERER. For example, here’s how to redirect any request containing an “evil” string:

<IfModule mod_rewrite.c>
	RewriteCond %{REQUEST_URI} evil [NC]
	RewriteRule . /log.php [R=301,L]
</IfModule>

There are many ways to redirect with .htaccess. The important thing that all of these techniques have in common is that they ultimately redirect the request to our PHP log file for further processing. Let’s set that up next..

Step 2: PHP

Once you’ve got some .htaccess in place to redirect specific HTTP activity, you’re all set to create the log.php file and fill it with some leet PHP for further processing. For example, you can record the event in a database, add data to a blacklist, or simply send an email. The sky’s the limit, but to complete this tutorial, here is a basic starter script to demonstrate the potential of this technique.

So, create a file named log.php and upload it to the web-accessible root directory of your site. In it, you should have the following code snippet:

<?php // Redirect .htaccess to PHP @ https://wp-mix.com/redirect-http-php-htaccess/

$logtime = date("F jS Y, h:ia", time() - 28800); // offset: 28800 seconds = 8 hours
$qstring = htmlspecialchars($_SERVER['QUERY_STRING'], ENT_QUOTES);
$agent   = htmlspecialchars($_SERVER['HTTP_USER_AGENT']);
$request = filter_var('http://' . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"], FILTER_VALIDATE_URL);
$referer = filter_var($_SERVER['HTTP_REFERER'], FILTER_VALIDATE_URL);
$address = filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP);

// do stuff with variables, for example send an email..

$myemail = 'email@example.com'; // email address

$message = 'Logtime: ' . $logtime . "\n" . 'Request: ' . $request . "\n" . 'Query-string: ';
$message .= $qstring . "\n" . 'Referrer: ' . $referer . "\n" . 'IP: ' . $address . "\n";
$message .= 'User-agent: ' . $agent . "\n";

mail($myemail, "HTTP report", $message, "from:" . $myemail);
echo $status;
exit();
?>

To receive the email alert, edit the $myemail variable with your address. This script safely filters request data and sends it to you in a nice email every time your target URL criteria are satisfied. So for example, if your .htaccess file redirects all 403 requests, then you’ll get an email each time a 403 request is triggered.

Note: keep in mind this is only an example to show how the technique works. It’s recommended that you modify things toward more practical goals ;)

Learn more

.htaccess made easy