.htaccess 'down for maitenance' and WordPress

OK so – we need a solid .htaccess rule to make the following happen:

Deny ALL from visiting the site (they are taken to ‘down for maintenance’ page, but ALLOW for me and our developer.

Yes, there is a WordPress Plugin but we had a terrible time with it.

Here’s our propsed .htaccess rule

RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_ADDR} !^11\.111\.111\.111
RewriteCond %{REQUEST_URI} !^/maintenance\.html$
RewriteRule ^(.*)$ http://domain.com/maintenance.html [R=307,L]

First question please! How do we add a second IP address that is allowed to see the site in development?

Second question is – should this rule go FIRST above any other .htaccess rules in WordPress? WordPress does create its’ own .htaccess so hence my question.

Thanks!

Solutions Collecting From Web of ".htaccess 'down for maitenance' and WordPress"

Set the rules above the WordPress rules and use the [OR]/[AND] operators to concatenate RewriteRules (by default [AND] operator is used):

RewriteCond %{REMOTE_ADDR} !^11\.111\.111\.111 [OR]
RewriteCond %{REMOTE_ADDR} !^22\.222\.222\.222 [AND]
RewriteCond %{REQUEST_URI} !^/maintenance\.html$
RewriteRule ^(.*)$ http://domain.com/maintenance.html [R=502,L]

PD: correct status code for maintenance mode is 502, not 307.

How do we add a second IP address that is allowed to see the site in development?

We can just append just second REMOTE_ADDR like this since the default flag is [AND]

# BEGIN Maintenance 
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REMOTE_ADDR} !^11\.111\.111\.11$    #First Address
    RewriteCond %{REMOTE_ADDR} !^123\.45\.67\.89$     #Second Address
    RewriteCond %{REQUEST_URI} !^/maintenance\.html$
    RewriteRule ^(.*)$ http://example.com/maintenance.html [R=307,L]
</IfModule>
# END Maintenance

The above rules say if the request if not from first ip and not from second ip and the request is not /maintenance.html redirect them to maintenance page with headers 502. Props to @cybmeta , correct header for server maintenance is 502 and 307 is for temporary redirect.

The processing order for RewriteRule :

  • The Pattern of the RewriteRule ^(.*)$ is checked first.
  • If the pattern results true,
  • The Condition !^11\.111\.111\.11$ would be checked.
  • If that Condition is true or the OR-Flag was set to Condition !^123\.45\.67\.89$,
  • The second condition would be checked.
  • If this condition is true, too,then three and so on
  • At last,the substitution from the RewriteRule is applied.

Should this rule go FIRST above any other .htaccess rules in WordPress?

Yes/No, it depends on the rules you are having, preferably it should be above WordPress .htaccess generated rules otherwise flag[L] (last) in WordPress rules stops processing the next rules.

The [L] flag causes mod_rewrite to stop processing the rule set. In
most contexts, this means that if the rule matches, no further rules
will be processed. This corresponds to the last command in Perl, or
the break command in C. Use this flag to indicate that the current
rule should be applied immediately without considering further rules.

In your case it works either you place it at the top or at the bottom.(not tested)