Menu
I have here three conditions but I can't find the real difference because they do the same work:
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTPS} =off
RewriteCond %{HTTPS} off
This site (http://httpd.apache.org/docs/current/mod/mod_rewrite.html) says:
Syntax:
RewriteCond TestString CondPattern [flags]
CondPattern is usually a perl compatible regular expression, but there is additional syntax available to perform other useful tests against the Teststring:
Why do I need an additional comparison syntax if the condition itself has the task to compare against the regex?
260
They do not do the same work.
Straight RewriteCond assumes that the condition expression is a regular expression.
The syntax with = and != performs a simple string comparison.
The results are the same in your example only because the string you used has no regexp syntax.
Confusion about this can lead to bug and security issues.
For example, an attacker can exploit a condition like the one below by just sending a "Host" header with wwwXexample.com:
RewriteCond %{HTTP_HOST} www.example.com [NC]
Whereas the condition below will match only if the host is www.example.com.
RewriteCond %{HTTP_HOST} =www.example.com [NC]
There are other implications, most notably performance: straight string comparison is way faster than regexp matching.
Rule of thumb: use regexp if you want to match against a pattern. Otherwise use exact string comparison.
138
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
