Spring Sale! Save 30% on all books w/ code: PLANET24
Web Dev + WordPress + Security

Temporary Site Redirect for Visitors during Site Updates

[ Image: Abstract Mathematical Diagram ] In our article Stupid htaccess Tricks, we present the htaccess code required for redirecting visitors temporarily during periods of site maintenance. Although the article provides everything needed to implement the temporary redirect, I think readers would benefit from a more thorough examination of the process — nothing too serious, just enough to get it right. After discussing temporary redirects via htaccess, I’ll also explain how to accomplish the same thing using only a small slice of PHP. It’s like two tutorials combined into one! ;)

Temporary Site Redirect via .htaccess

For those of us with access to Apache .htaccess, this is the best way to redirect visitors temporarily.

The Complete Code

Without a doubt, many visitors to this article will be looking for a quick copy-&-paste fix. So we begin by presenting the required htaccess code in its entirety:

<Limit GET POST PUT>
	Order deny,allow
	Deny from all
	Allow from 123.456.789
</LIMIT>
ErrorDocument 403 /custom-message.html
<Files custom-message.html>
	Order allow,deny
	Allow from all
</Files>

Three steps to use this code:

  1. Change the IP address (123.456.789) to that of your own.
  2. Edit both “custom-message.html” to match your path and file name.
  3. That’s it. Copy/paste into your site’s root htaccess file, upload, test, and get out!

The Break-Down

Let’s break it down. You want to update your site privately, temporarily redirecting all visitors to a nice “Be Right Back” page. Our code makes it happen via the following logic (translated to meatspeak):

  1. First deny access to everyone, then allow access only to the webmaster.
  2. Serve everyone without access a customized 403 (forbidden) error page.
  3. Allow everyone access to the customized 403 (forbidden) error page.
<Limit GET POST PUT>
In the first line of our temporary redirect code, we open a <Limit> container targeting all requests to get, post, or put files to and from the server.
order deny,allow
The second line then specifies the order in which the server should execute the proceeding directives. It basically says, “first obey the deny rule and then obey the allow rule.”
deny from all
The next line is the deny rule. It simply says, “deny everybody” (i get like this sometimes). At this point in the game, everyone is denied access.
allow from 123.456.789
Then, this line says, “allow access to only this address”. Thus, the net effect of the first five lines accomplishes the first step of our logical sequence.
</LIMIT>
The fifth line simply closes the <Limit> container block.
ErrorDocument 403 /custom.html
In the sixth line, we are specifying a custom error page. All visitors that are denied access to your site will receive some sort of 403 error page. By default, a user that is denied access will see a simple page that says something to the effect of “403 Forbidden — You do not have authorization to access the requested resource.” Yikes, remove the sixth line of our htaccess code and that is the type of message that visitors will receive. Not exactly encouraging. So, by specifying a customized 403 error page in our redirect code, we are able to serve a much warmer 403 biscuit, as if to say, “I am updating my site right now, but I still love you and want you to come back in like 30 minutes.” Much better..
<Files success.html>
After all that drama, the next line opens the <Files> container and exclusively targets our custom 403 error page. Note that if the custom page were to exist in subdirectory, we would want to cut and paste the last four lines into the htaccess file of that directory, and also edit the ErrorDocument path to reflect its location.
order allow,deny
Again, we are specifying the order in which Apache should process the allow/deny directives.
allow from all
This line then allows everyone access to the previously specified file. You know, the one with the inspiring message.
</Files>
Finally, we conclude our htaccess redirect by closing the <Files> container. Taken together, the last four lines are basically telling the server to ignore the previous “deny everybody” directive only for the customized error page. All other pages remain strictly off-limits (at least until the site is ready and the code is commented out or removed).

The Wrap-Up

There you have it. To use this code during your next site update, prepare your customized 403 document and upload to your server. Edit the two variables mentioned in the first part of this article, copy and paste to your root htaccess file, and upload to your server. Remember to check that everything has been done properly by using a proxy to test the redirect. Once everything is up and running tough, go ahead update your site in relaxed fashion, knowing full-well that you are keeping your loyal visitors in the loop instead of scaring them away into the night.

Temporary Site Redirect via PHP

If redirecting via .htaccess is not an option, you can always do the job with a little PHP. Here are three possible ways of going about it..

Option One — Quick and Dirty

This is the easiest way to inform your visitors that the site is temporarily unavailable. Especially useful for quick site updates, this code will return a “503 Service Unavailable” HTTP status code to the client device while displaying a customized message informing visitors that a site update is in progress. Simply edit the following code with your specific information and place at the very beginning of your header.php file:

<?php $my_ip = "123.456.789";
if($_SERVER["REMOTE_ADDR"] != $my_ip && $_SERVER["HTTP_X_FORWARDED_FOR"] != $my_ip) {
   $retry = 60 * 60; // = 60 minutes
   header("HTTP/1.1 503 Service Unavailable");
   header("Retry-After: $retry");
   echo "<h1>Site update in progress - Please return in 60 minutes!</h1>";
   exit();
} ?>

Here are the items you should customize for the previous code to function properly:

  • $my_ip = "123.456.789" → your IP address
  • $retry = 60 * 60; → seconds until client should revisit your site
  • <h1>Site update..</h1> → your custom message to visitors

Option Two — Full Meal Deal

This method is more flexible in that it provides a temporary redirect to an alternate location. This is useful when you would like to send your visitors to a completely customized maintenance page or to a preexisting page on a different domain. As before, this method also delivers a “503 Service Unavailable” HTTP status code to the client and instructs a revisit after the specified period of time. To throw it down, first edit the next code block and place at the top of your header.php file:

<?php $my_ip = "123.456.789";
if($_SERVER["REMOTE_ADDR"] != $my_ip && $_SERVER["HTTP_X_FORWARDED_FOR"] != $my_ip) {
	header("Location: http://domain.tld/path/custom.php");
} ?>

..then, edit and paste this code into the top of your customized maintenance page (e.g., custom.php):

<?php
   $retry = 60 * 60; // = 60 minutes
   header("HTTP/1.1 503 Service Unavailable");
   header("Retry-After: $retry");
?>

Here are the items you need to customize for the previous method to function properly:

  • $my_ip = "123.456.789" → your IP address
  • ("Location: http://..) → the URL of your custom maintenance page
  • $retry = 60 * 60; → seconds until client should revisit your site

Option Three — Combo Pack

Our third method for redirecting site visitors during updates and maintenance is somewhat of a hybrid of the first two methods. As before, we are redirecting visitors to an alternate location, only this time we are replacing the content of the target maintenance page with an informative message. This option provides yet another degree of flexibility by enabling you to redirect and replace content on the fly. To set it off, edit and drop this first code chunk into the top of your header.php file:

<?php $my_ip = "123.456.789";
if($_SERVER["REMOTE_ADDR"] != $my_ip && $_SERVER["HTTP_X_FORWARDED_FOR"] != $my_ip) {
	header("Location: http://domain.tld/path/custom.php");
} ?>

..and then edit and slap this bad boy at the beginning of your target page:

<?php
   $retry = 60 * 60; // = 60 minutes
   header("HTTP/1.1 503 Service Unavailable");
   header("Retry-After: $retry");
   echo "<h1>Site update in progress - Please return in 60 minutes!</h1>";
   exit();
?>

Here are the items you need to customize for the previous method to function properly:

  • $my_ip = "123.456.789" → your IP address
  • ("Location: http://..) → the URL of your custom maintenance page
  • $retry = 60 * 60; → seconds until client should revisit your site
  • <h1>Site update..</h1> → your custom message to visitors

Further reading

A Question to readers..

The attentive reader will have noticed the use of two different HTTP status codes in this article. For the htaccess redirect, we call upon the mighty powers of the “403 - Fabidden” code, while in the PHP methods we get tough with a few “503 - Service Unavailable” chillz. I chose to include both because I am undecided as to which method is optimal from an SEO point of view.

So, my question to you: which HTTP status code is the better choice, and for what reasons?

About the Author
Jeff Starr = Creative thinker. Passionate about free and open Web.
Banhammer: Protect your WordPress site against threats.

27 responses to “Temporary Site Redirect for Visitors during Site Updates”

  1. Jeff Starr 2008/11/02 9:06 am

    @Kimberly: My pleasure! Thanks for the positive feedback! :)

  2. Thanks for the great script. Very handy. Is it possible to allow access from more than one IP address (I’m using Option 2)?

    Thanks again – Curtis

  3. Hi Curtis, sorry for the delayed response… Allowing more than one IP address is easily accomplished using a PHP array. Check out the following article for complete details and instructions on how to allow access for multiple IPs while redirecting everyone else. Cheers! :)

  4. Put your feet in Google’s shoes.

    Would you want to lists URLs that gave the customer a 403 when clicked?

    Would you bother crawling again anytime soon to see if it is not a 403
    anymore, compared to how soon you recrawl a 503?

    So now you see how dangerous it is to suggest using 403s, eh?

  5. Oh no. No button to subscribe to comments if we forgot to last message (button needs to be higher on form), without leaving another message.

  6. Jeff Starr 2009/02/21 7:40 pm

    Yes, absolutely agree, jidanni — if you read through the first five or six comments you will see that we reached the same conclusion: 503 for temporary redirects all the way! ;)

  7. Well, OK, however You Sir have left the dangerous statements at the
    top of the article, without adding warnings next to them, expecting
    people like, I Sir, are smart enough to read to the bottom before
    running off to try it at home. Ha, Wrong! :-)

    Plus, I have detected that your examples “$my_ip = “123.456.789”;” are not anywhere like the ones we use here on Earth,
    (123.156.189.101) so you clearly are a Martian! :-)

  8. Jeff Starr 2009/02/22 9:28 am

    Well now that my secret is revealed, I have no choice but to blacklist you from the site! ;)

  9. Eddie Giese 2009/11/03 2:05 pm

    Thanks for the code! I always struggle with htaccess syntax and logic for some reason. I do have a question, though: If I want to allow multiple IPs using the htaccess method (not the PHP method), can I just add more lines that are allow from 123.456.789.0

  10. Jeff Starr 2009/11/07 9:00 pm

    @Eddie: Absolutely! And for more information, I have another post on this topic here.

  11. I’m new to this scene and of course have a question. I’m developing a site using wordpress mu. If I use the 503 as you describe how does the admin get in to do the admin stuff if everyone gets redirected. Does it not redirect www.mysite.com\wp-admin

  12. Jeff Starr 2010/04/27 8:29 am

    Hi Bob, the purpose of these techniques is to grant access to you while denying or redirecting everyone else. That way you have full access to the site — including the Admin — and can do updates, maintenance, etc.

Comments are closed for this post. Something to add? Let me know.
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
USP Pro: Unlimited front-end forms for user-submitted posts and more.
Thoughts
I live right next door to the absolute loudest car in town. And the owner loves to drive it.
8G Firewall now out of beta testing, ready for use on production sites.
It's all about that ad revenue baby.
Note to self: encrypting 500 GB of data on my iMac takes around 8 hours.
Getting back into things after a bit of a break. Currently 7° F outside. Chillz.
2024 is going to make 2020 look like a vacation. Prepare accordingly.
First snow of the year :)
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.