Temporary Site Redirect for Visitors during Site Updates
In our article Stupid htaccess Tricks, we present the htaccess code required for redirecting visitors temporarily during periods of site maintenance. Although the article provides everything needed to implement the temporary redirect, I think readers would benefit from a more thorough examination of the process — nothing too serious, just enough to get it right. After discussing temporary redirects via htaccess, I’ll also explain how to accomplish the same thing using only a small slice of PHP. It’s like two tutorials combined into one! ;)
Temporary Site Redirect via .htaccess
For those of us with access to Apache .htaccess, this is the best way to redirect visitors temporarily.
The Complete Code
Without a doubt, many visitors to this article will be looking for a quick copy-&-paste fix. So we begin by presenting the required htaccess code in its entirety:
<Limit GET POST PUT>
Order deny,allow
Deny from all
Allow from 123.456.789
</LIMIT>
ErrorDocument 403 /custom-message.html
<Files custom-message.html>
Order allow,deny
Allow from all
</Files>
Three steps to use this code:
- Change the IP address (
123.456.789
) to that of your own. - Edit both “
custom-message.html
” to match your path and file name. - That’s it. Copy/paste into your site’s root htaccess file, upload, test, and get out!
The Break-Down
Let’s break it down. You want to update your site privately, temporarily redirecting all visitors to a nice “Be Right Back” page. Our code makes it happen via the following logic (translated to meatspeak):
- First deny access to everyone, then allow access only to the webmaster.
- Serve everyone without access a customized 403 (forbidden) error page.
- Allow everyone access to the customized 403 (forbidden) error page.
<Limit GET POST PUT>
- In the first line of our temporary redirect code, we open a
<Limit>
container targeting all requests to get, post, or put files to and from the server. order deny,allow
- The second line then specifies the order in which the server should execute the proceeding directives. It basically says, “first obey the deny rule and then obey the allow rule.”
deny from all
- The next line is the deny rule. It simply says, “deny everybody” (i get like this sometimes). At this point in the game, everyone is denied access.
allow from 123.456.789
- Then, this line says, “allow access to only this address”. Thus, the net effect of the first five lines accomplishes the first step of our logical sequence.
</LIMIT>
- The fifth line simply closes the
<Limit>
container block. ErrorDocument 403 /custom.html
- In the sixth line, we are specifying a custom error page. All visitors that are denied access to your site will receive some sort of 403 error page. By default, a user that is denied access will see a simple page that says something to the effect of “403 Forbidden — You do not have authorization to access the requested resource.” Yikes, remove the sixth line of our htaccess code and that is the type of message that visitors will receive. Not exactly encouraging. So, by specifying a customized 403 error page in our redirect code, we are able to serve a much warmer 403 biscuit, as if to say, “I am updating my site right now, but I still love you and want you to come back in like 30 minutes.” Much better..
<Files success.html>
- After all that drama, the next line opens the
<Files>
container and exclusively targets our custom 403 error page. Note that if the custom page were to exist in subdirectory, we would want to cut and paste the last four lines into the htaccess file of that directory, and also edit theErrorDocument
path to reflect its location. order allow,deny
- Again, we are specifying the order in which Apache should process the
allow
/deny
directives. allow from all
- This line then allows everyone access to the previously specified file. You know, the one with the inspiring message.
</Files>
- Finally, we conclude our htaccess redirect by closing the
<Files>
container. Taken together, the last four lines are basically telling the server to ignore the previous “deny everybody” directive only for the customized error page. All other pages remain strictly off-limits (at least until the site is ready and the code is commented out or removed).
The Wrap-Up
There you have it. To use this code during your next site update, prepare your customized 403 document and upload to your server. Edit the two variables mentioned in the first part of this article, copy and paste to your root htaccess file, and upload to your server. Remember to check that everything has been done properly by using a proxy to test the redirect. Once everything is up and running tough, go ahead update your site in relaxed fashion, knowing full-well that you are keeping your loyal visitors in the loop instead of scaring them away into the night.
Temporary Site Redirect via PHP
If redirecting via .htaccess is not an option, you can always do the job with a little PHP. Here are three possible ways of going about it..
Option One — Quick and Dirty
This is the easiest way to inform your visitors that the site is temporarily unavailable. Especially useful for quick site updates, this code will return a “503 Service Unavailable” HTTP status code to the client device while displaying a customized message informing visitors that a site update is in progress. Simply edit the following code with your specific information and place at the very beginning of your header.php
file:
<?php $my_ip = "123.456.789";
if($_SERVER["REMOTE_ADDR"] != $my_ip && $_SERVER["HTTP_X_FORWARDED_FOR"] != $my_ip) {
$retry = 60 * 60; // = 60 minutes
header("HTTP/1.1 503 Service Unavailable");
header("Retry-After: $retry");
echo "<h1>Site update in progress - Please return in 60 minutes!</h1>";
exit();
} ?>
Here are the items you should customize for the previous code to function properly:
$my_ip = "123.456.789"
→ your IP address$retry = 60 * 60;
→ seconds until client should revisit your site<h1>Site update..</h1>
→ your custom message to visitors
Option Two — Full Meal Deal
This method is more flexible in that it provides a temporary redirect to an alternate location. This is useful when you would like to send your visitors to a completely customized maintenance page or to a preexisting page on a different domain. As before, this method also delivers a “503 Service Unavailable” HTTP status code to the client and instructs a revisit after the specified period of time. To throw it down, first edit the next code block and place at the top of your header.php
file:
<?php $my_ip = "123.456.789";
if($_SERVER["REMOTE_ADDR"] != $my_ip && $_SERVER["HTTP_X_FORWARDED_FOR"] != $my_ip) {
header("Location: http://domain.tld/path/custom.php");
} ?>
..then, edit and paste this code into the top of your customized maintenance page (e.g., custom.php
):
<?php
$retry = 60 * 60; // = 60 minutes
header("HTTP/1.1 503 Service Unavailable");
header("Retry-After: $retry");
?>
Here are the items you need to customize for the previous method to function properly:
$my_ip = "123.456.789"
→ your IP address("Location: http://..)
→ the URL of your custom maintenance page$retry = 60 * 60;
→ seconds until client should revisit your site
Option Three — Combo Pack
Our third method for redirecting site visitors during updates and maintenance is somewhat of a hybrid of the first two methods. As before, we are redirecting visitors to an alternate location, only this time we are replacing the content of the target maintenance page with an informative message. This option provides yet another degree of flexibility by enabling you to redirect and replace content on the fly. To set it off, edit and drop this first code chunk into the top of your header.php
file:
<?php $my_ip = "123.456.789";
if($_SERVER["REMOTE_ADDR"] != $my_ip && $_SERVER["HTTP_X_FORWARDED_FOR"] != $my_ip) {
header("Location: http://domain.tld/path/custom.php");
} ?>
..and then edit and slap this bad boy at the beginning of your target page:
<?php
$retry = 60 * 60; // = 60 minutes
header("HTTP/1.1 503 Service Unavailable");
header("Retry-After: $retry");
echo "<h1>Site update in progress - Please return in 60 minutes!</h1>";
exit();
?>
Here are the items you need to customize for the previous method to function properly:
$my_ip = "123.456.789"
→ your IP address("Location: http://..)
→ the URL of your custom maintenance page$retry = 60 * 60;
→ seconds until client should revisit your site<h1>Site update..</h1>
→ your custom message to visitors
Further reading
- Allow access to external IPs during development
- Maintenance mode via .htaccess
- htaccess Redirect to Maintenance Page
A Question to readers..
The attentive reader will have noticed the use of two different HTTP status codes in this article. For the htaccess redirect, we call upon the mighty powers of the “403 - Fabidden
” code, while in the PHP methods we get tough with a few “503 - Service Unavailable
” chillz. I chose to include both because I am undecided as to which method is optimal from an SEO point of view.
So, my question to you: which HTTP status code is the better choice, and for what reasons?
27 responses to “Temporary Site Redirect for Visitors during Site Updates”
@Kimberly: My pleasure! Thanks for the positive feedback! :)
Thanks for the great script. Very handy. Is it possible to allow access from more than one IP address (I’m using Option 2)?
Thanks again – Curtis
Hi Curtis, sorry for the delayed response… Allowing more than one IP address is easily accomplished using a PHP array. Check out the following article for complete details and instructions on how to allow access for multiple IPs while redirecting everyone else. Cheers! :)
Put your feet in Google’s shoes.
Would you want to lists URLs that gave the customer a 403 when clicked?
Would you bother crawling again anytime soon to see if it is not a 403
anymore, compared to how soon you recrawl a 503?
So now you see how dangerous it is to suggest using 403s, eh?
Oh no. No button to subscribe to comments if we forgot to last message (button needs to be higher on form), without leaving another message.
Yes, absolutely agree, jidanni — if you read through the first five or six comments you will see that we reached the same conclusion: 503 for temporary redirects all the way! ;)
Well, OK, however You Sir have left the dangerous statements at the
top of the article, without adding warnings next to them, expecting
people like, I Sir, are smart enough to read to the bottom before
running off to try it at home. Ha, Wrong! :-)
Plus, I have detected that your examples “$my_ip = “123.456.789”;” are not anywhere like the ones we use here on Earth,
(123.156.189.101) so you clearly are a Martian! :-)
Well now that my secret is revealed, I have no choice but to blacklist you from the site! ;)
Thanks for the code! I always struggle with htaccess syntax and logic for some reason. I do have a question, though: If I want to allow multiple IPs using the htaccess method (not the PHP method), can I just add more lines that are
allow from 123.456.789.0
@Eddie: Absolutely! And for more information, I have another post on this topic here.
I’m new to this scene and of course have a question. I’m developing a site using wordpress mu. If I use the 503 as you describe how does the admin get in to do the admin stuff if everyone gets redirected. Does it not redirect
www.mysite.com\wp-admin
Hi Bob, the purpose of these techniques is to grant access to you while denying or redirecting everyone else. That way you have full access to the site — including the Admin — and can do updates, maintenance, etc.