Celebrating 20 years online :)
Web Dev + WordPress + Security

htaccess Redirect to Maintenance Page

Redirecting visitors to a maintenance page or other temporary page is an essential tool to have in your tool belt. Using HTAccess, redirecting visitors to a temporary maintenance page is simple and effective. All you need to redirect your visitors is the following code placed in your site’s root HTAccess:

<IfModule mod_rewrite.c>
 RewriteEngine on
 RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.000
 RewriteCond %{REQUEST_URI} !/maintenance.html$ [NC]
 RewriteCond %{REQUEST_URI} !\.(jpe?g?|png|gif) [NC]
 RewriteRule .* /maintenance.html [R=302,L]

That is the official copy-&-paste goodness right there. Just grab, gulp and go. Of course, there are a few more details for those who may be unfamiliar with the process. Let’s look at all the gory details..

Redirecting Traffic with HTAccess

To redirect your visitors to a maintenance page, place the previous code into an HTAccess file located in your site’s root directory. This will ensure that all pages and resources contained within your domain will be redirected for visitors. Thus, if you would like to redirect only requests for a specific subdirectory within your domain, the .htaccess file containing these rules would be placed in that directory (instead of root).

Now that the HTAccess is in place, you’ll need to create and upload your maintenance page, named “maintenance.html”, to the root directory of your site. This file can be just about anything, and does not need to be written in HTML. You can use, say, PHP to make it all dynamic, but remember to change the two instances of the file name in the HTAccess code to match the actual name of your file.

Code Explanation

  1. The first line is merely a comment to explain the purpose of the code. It is not processed by the server.
  2. The second line enables Apache’s rewrite engine, mod_rewrite. Depending on your server setup, this line may be unnecessary.
  3. The third line checks to see if the request is coming from your computer. If it is, then the redirect does not happen. For this to work, you need to change the numbers in this line to match your own IP address.
  4. The fourth line prevents an infinite-loop scenario by testing the request against the name of your maintenance page. Obviously, we don’t want to redirect requests for the page to which we are redirecting.
  5. The fifth and final line contains the action. It basically redirects all requests that meet both of the previous rewrite conditions to the specified maintenance page. Apache doesn’t allow us to use 500-level response codes, so we are stuck with the next best thing, a 302 – temporary – response.

Update: Multiple IP Addresses

It was asked in the comments how this might work when you want to allow multiple IP addresses. There are basically two ways. First, you can add more RewriteConds to the previous code, like so:

<IfModule mod_rewrite.c>
 RewriteEngine on
 RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.000
 RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.000
 RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.000
 RewriteCond %{REQUEST_URI} !/maintenance.html$ [NC]
 RewriteCond %{REQUEST_URI} !\.(jpe?g?|png|gif) [NC]
 RewriteRule .* /maintenance.html [R=302,L]

With this method, edit each IP address to match your own, and add/remove as many IPs as needed. The second method is equally effective, and looks like this:

 Order Deny,Allow
 Deny from all
 Allow from 123.456.789.000
 Allow from 123.456.789.000
ErrorDocument 403 /maintenance.html
<Files maintenance.html>
 Order Allow,Deny
 Allow from all

This method is a bit simpler, but not as good for SEO should the search engines visit while in maintenance mode. The first method sends a 302 - Moved temporarily status code, while the second sends a less accurate 403 - Forbidden status code. Even so, should you go with method #2, edit the IPs to those of your own, adding or removing new lines as needed for site access.

It’s like a Pandora’s Box..

It’s difficult to keep posts short and sweet when working with HTAccess techniques. There is just so much that you can do with it. For example, we can do htaccess password-protection, allow access to multiple visitors, request specific redirects, and much more. But I refrained from complicating things in an effort to keep this post focused and on-topic. Nonetheless, there is always room for improvement, so if you see something that could make this simple HTAccess-redirect technique even better, then please share via the comments. Thanks!

Further reading

About the Author
Jeff Starr = Web Developer. Book Author. Secretly Important.
Digging Into WordPress: Take your WordPress skills to the next level.

60 responses to “htaccess Redirect to Maintenance Page”

  1. Andrew Roberts 2012/03/09 9:13 pm

    Awesome! Exactly what I was looking for. I knew you or Chris would have my back :)

  2. Thank you so much for this! I have a quick question, is it possible to create several lines of: RewriteCond %{REMOTE_ADDR} !^123.345.678.000 in order to allow different IP addresses?

    • Great question, Mel – I’ve updated the post with two possible ways to allow multiple IP addresses. Cheers!

  3. Matthew Cario 2012/05/24 11:27 am

    This has been very helpful, but I feel as if I’m missing one more thing that isn’t working correctly. We’ve moved domains, but we need to keep one section still operable. Here’s the code I’m trying to use.
    # redirect an entire site via 301 except the imageblog

    RewriteEngine on
    RewriteCond %{REQUEST_URI} !imageblog/$ [NC]
    RewriteRule ^.*$ http://www.shellerandcompany.com [R=301,L]

    Can you help to steer me in the right direction?

    • The easiest way to disable mod_rewrite is to place this snippet in the .htaccess file for /imageblog/:

      RewriteEngine off

      This way the rules in your root .htaccess won’t operate in that particular directory. There are other ways of doing it as well, but would require more work/testing/etc.

      More info on this method here.

  4. Liz Skorski 2012/05/29 5:42 am

    Thank you, a very easy fix.

  5. Hi, great code, just wondered how do keep open some sub domains and folders that have rewrite engine on?

  6. thanks for posting this. it helped me do exactly what i was hoping to be able to do!

  7. i stumbled to this post and it kinda resembles what i want to do but not. i’ll explain…

    firstly i have this already on my .htaccess file:

    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP_HOST} !^mysite\.com$ [NC]
    RewriteRule ^(.*)$ http://mysite.com/$1 [R=301,L]

    here’s my issue: i want to redirect different subdomains to external url’s (social networks). let’s say i want to redirect this subdomain twitter.mysite.com to twitter.com/myusername and plus.mysite.com to https://plus.google.com/blahblahblah and so on so on. how will i go on doing that? been stuck for a couple of days and google has failed on me :(

    thanks in advance

    • Where are you applying the .htaccess rules? I ask because on most setups (that I’ve seen) .htaccess rules placed in the site’s root directory won’t affect any subdomains.. the rules need to be added directly to each subdomain. If you have lots of subdomains you’ll want to get access to the Apache’s main configuration file and apply the rules there.

      So to redirect a subdomain to some external URL, this would go in the root directory of the subdomain:

      RedirectMatch 301 / http://example.com/username

      That’s just one way to do it.. any redirect/rewrite technique should work fine.

      • yeah i was trying it on the root directory’s .htaccess file. thought this could be done that way.

        can’t think of any other way since i’m hosting my site on a different hosting site than my registrar so doing so in my domain manager won’t help since i’m setting my nameservers pointing to were it is hosted at :/

  8. Cristian O. Balan 2013/02/05 10:09 am

    Perfect, thanks!

  9. Hey Jeff,

    Great post, as always.

    When I apply the first code at the very top of this article and add my IP address, my site shows for me, but with no CSS. It is just straight HTML. It’s like the CSS was stripped. Have any idea why, or how I could modify the htaccess rules to prevent this?

    (Note: When I remove the line for my IP address, the redirect works and my maintenance.html file is up and running. It’s only when I add my IP address that my sight shows for me, but without CSS.)


    • Err, “sight” should be “site” in the last line of the parenthetical. :-)

    • Jeff Starr 2013/04/03 6:36 pm

      Hi Chris, you should be able to allow CSS thru by locating this:

      RewriteCond %{REQUEST_URI} !\.(jpe?g?|png|gif) [NC]

      ..and changing it to this:

      RewriteCond %{REQUEST_URI} !\.(jpe?g?|png|gif|css) [NC]

      Likewise, to allow other types thru, such as JavaScript, do this:

      RewriteCond %{REQUEST_URI} !\.(jpe?g?|png|gif|css|js) [NC]

  10. Awesome! Thanks Jeff.

    A few other questions:

    1.) Why are we allowing certain file types thru (and not others) when the site is essentially blocked from all visitors?

    2.) If there is no harm, is there a way to let ALL file types thru for the listed IP address (mine), so that development can go more smoothly?

    Thanks again!

    • Jeff Starr 2013/04/03 9:38 pm

      1) That’s just the way the technique is written.. use a limited set of files to display a “maintenance” message to visitors. Without allowing/whitelisting those files, the visitor would get raw HTML.

      2) Yes! Check out this post at WP-Mix: https://wp-mix.com/maintenance-mode-htaccess/

      • Thanks, once again!

        So this line of code: RewriteCond %{REQUEST_URI} !\.(jpe?g?|png|gif|css|js) [NC] is specifically for allowing jpg, png, gif, css, and js on the maintenance.html page? But how would that affect my WordPress installation and site?

      • It shouldn’t affect anything on your site while in maintenance mode, because you’ve whitelisted/allowed your local IP address, so you can continue to work on the site openly, while visitors are allowed to see the maintenance page and associated file types. Does that help explain it?

  11. Yes, makes perfect sense. And thank you…

    My question remains though, why did I have to allow the CSS and Javascript file types through if my IP address is whitelisted? Doesn’t whitelisting my IP address grant me full access? That’s the part that I’m not getting. Or that just how it works?

    • Well, if you’re seeing the maintenance page, then you’re visiting from another IP address (one that is not whitelisted). So in that case, the only files that are getting through are the ones that have been explicitly allowed. On the other hand, if you have allowed your IP address, and then visit your pages from that IP address, then you shouldn’t see the maintenance page at all, rather you should see you normal files, which are allowed thru because they are not blocked. I hope that makes sense.. it helps to think of the technique in terms of the two possible scenarios: visiting the site via allowed IP, or visiting from any other IP.

      • Got it. Here’s what I was referring to though…

        1.) I visited my site without my IP address whitelisted and I saw the maintenance page. That was expected, and all was well.

        2.) Then I whitelisted my IP address, and I saw my WordPress site now, but it was without CSS. Then we allowed the CSS through and all was fine again.

        My problem was that I thought that the file types that we were allowing were ONLY for the maintenance page, and not the WordPress site itself (with my IP address whitelisted). Apparently not. What I understand now is that even with your IP address whitelisted, you still need to allow for certain file types to come through. Is that correct?

      • Hmm.. do you know which CSS files were being blocked? That might explain it..

  12. Not exactly sure Jeff (and sorry for the late reply here)… But I do now for sure that until I added RewriteCond %{REQUEST_URI} !\.(jpe?g?|png|gif|css|js) [NC] into the mix, CSS was not coming through, even though I whitelisted my own IP address.

    Does it matter that my WordPress installation is in a subdirectory folder?

    • Jeff Starr 2013/04/09 2:04 pm

      It shouldn’t matter which directory for the WP install. But you may be on to something with this.. if it’s possible to recreate the event to see which CSS files are blocked, that would provide some useful information.

Comments are closed for this post. Something to add? Let me know.
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
Blackhole Pro: Trap bad bots in a virtual black hole.
Crazy that we’re almost halfway thru 2024.
I live right next door to the absolute loudest car in town. And the owner loves to drive it.
8G Firewall now out of beta testing, ready for use on production sites.
It's all about that ad revenue baby.
Note to self: encrypting 500 GB of data on my iMac takes around 8 hours.
Getting back into things after a bit of a break. Currently 7° F outside. Chillz.
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.