I recommend several changes/corrections:

Options +FollowSymLinks
RewriteEngine on
#
RewriteCond %{REMOTE_ADDR} !^123\.45\.67\.89$
RewriteCond %{REQUEST_URI} !/maintenance_page\.html$
RewriteRule \.html$ http://www.example.com/maintenance_page.html [R=302,L]

Will this work? On my server, yes. On yours, there is no way to tell but to test it -- both with a fake IP address in the first RewriteCond (to test the redirect case), and then --after deleting your browser cache-- with your own IP address in the first RewriteCond (to see no redirect).

If it doesn't work, the the problem is likely to do with mod_rewrite not being enabled on your server, or interference from MultiViews/content-negotiation or AcceptPathInfo, both of which should be disabled if your site does not require them.

You should re-consider "taking the site off-line for maintenance" as this simply should not be done, except for database re-formatting/re-indexing. In many cases, it's possible to use the server config or .htaccess to keep two copies of the site on the server, serve the new version to your own IP address while continuing to serve the old version to visitors. Then, once testing on the new version is complete, modify just two RewriteRule or DocumentRoot directives, and instantly "swap" the old/new sites.

With that approach, the only "services" that must be off-line for maintenance are ones that can write to the database -- you can often still allow read access while performing the maintenance.

Web users are finicky, and less loyal than in the past when there were far fewer Web sites to choose from. Once they find your site has abruptly been "closed," many will go find alternate sites that "still work" and they won't come back to yours, as they think it may still be closed and can't be bothered to check. For this reason, taking a site down for maintenance (or any other reason) is not an option that you should choose willingly.

Jim

Thanks for those changes. As there are many different files on the website (php, jpeg, txt, etc), will the "RewriteRule \.html$ " part redirect every request to /maintenance.html , or only requests trying to access .html files ? Just wondering if it should be "RewriteRule ^/(.*) " ?

On yours, there is no way to tell but to test it -- both with a fake IP address in the first RewriteCond (to test the redirect case),

I have no idea how to access it with a fake IP.

This .htaccess code worked ..

Order Deny,Allow
Deny from all
Allow from my.ip.add.res

but that returned a 501 or a 503 I think, a bit harsh, and doesn't help spiders, etc.

You should re-consider "taking the site off-line for maintenance" as this simply should not be done, except for database re-formatting/re-indexing.

I have reason to believe the site, and/or the db have been accessed (unauthorised access), and it is very hard to pinpoint what has been done. The easy solution is to wipe every thing and reload. My local copy of all the files checks out exactly, but there is some parts of the db that have changed, and it is extremely hard to narrow that down. It will take less time to wipe the site, and the db, and reload every thing.

I know bots/spiders, etc will see the 302, but they know it's a temp redirect, and it will only be 2 to 3 days at the most. I'm sure they will come back.

I have kept 2 copies of the site before, one was used for testing, but it does require another db, other usernames, etc, etc, and php files do have to be modified. It was covenient at the time, but the reload will actually be less work.

Thanks for your help,

J

I didn't say "access the site from a fake IP address," I said "put a fake IP address in that RewriteCond." You could change it to "12.34.56.78" or "w.x.y.z" -- It doesn't matter as long as it won't match your own IP address, so that you can test what will happen when the requesting IP address does not match (you should see the maintenance message in this case). Do be sure to delete your browse cache between testing the two cases, or you won't likely get valid test results...

Also, "Deny from all" will normally return a 403-Forbidden response, not a 501-Not Implemented or 503-Service Unavailable response.

As kindly as possible, I advise you to note and correctly report all these little details, since you risk your site's correct operation and search rankings with even a simple oversight or a single typo...

It is unnecessary (and futile) to redirect anything but "page" requests -- Images won't be requested unless included on a previously-requested page, and if you redirect that page request, then either the image won't be requested because it won't be included on the "maintenance notice page", or if it is, then it should be served as usual. Also, clients (e.g browsers) won't know what to do if an html page is returned in response to their request for an included-object (e.g. image, css, or JavaScript file) request -- They can't handle that, and will just show a broken image anyway. So, no need to redirect anything but "page" requests.

You may wish to change the previously-posted RewriteRule pattern to "\.(php|s?html?)$" if your "page types" include .php, .htm, .html, .shtm, and .shtml filetypes. Note that this pattern makes the leading "s" and trailing "l" on "htm" optional, saving having to specify a separate subpattern for each of those four HTML filetypes. Modify to suit... :)

Leave your robots.txt and sitemap.xml files alone -- Don't change them, and don't redirect requests for them. Same for any "Webmaster authentication/validation" files for the various search engines' "Webmaster tools."

You might consider selectively serving a 503 to search engines and redirecting only "humans" if there is any possibility that your site will be down for more than two days. This takes a bit of work, since you'll need to write a small php script to send the 503 response to search 'bots. But I'd be leery of relying on a 302 for more than two days myself, as it is functionally interpreted as "Index the original URL, but with this new content" and the "new content" in this case is "This site temporarily off-line for maintenance."

Jim

I'm sorry about my misunderstanding about the fake IP address; I see what you mean now.

As kindly as possible, I advise you to note and correctly report all these little details, since you risk your site's correct operation and search rankings with even a simple oversight or a single typo...

Will do, I have noted your recommendations, and will do so. As I can tar up the complete (new) websie, and just upload in one hit, it will only take less than 1/2 day at the most to have the site down.

Thanks,

J

We see other Webmasters go crazy when their sites go down for more than a few seconds, so I wonder at your cavalier attitude about taking your site down.

Again, you've got the ability to put multiple versions of your site onto your server in separate subdirectory-paths, easily map the URLs alternately (and transparently) to one or the other subdirectory -- either unconditionally or based upon various aspects of the HTTP request-- and accomplish a complete switch-over from one site version to the other by changing a single line of server config code.

I'm not really trying to force my opinion on you, but in my world, intentionally taking a site off-line is simply not done. And if it is done, people lose their jobs. :o

Jim

I used the following as instructed

Options +FollowSymLinks
RewriteEngine on
#
RewriteCond %{REMOTE_ADDR} !^123\.45\.67\.89$
RewriteCond %{REQUEST_URI} !/maintenance_page\.html$
RewriteRule \.(php|s?html?)$ http://www.example.com/maintenance_page.html [R=302,L] 

and it worked okay, the page came up, as my IP didn't match. There was one mimor problem though. Quite a number of links, don't have any filename in them, as they are path names, and the server just open index.php

These are names like http://example.com/sitemap/ , which of course opens a file called http://example.com/sitemap/index.php , but as there was no direct call to a php file, then the site displayed, with the sitemap details displayed as well.

Is there a method to redirect, for any IP that isn't mine, when "any" sort of request is made (including path names, or links that don't contain php or html , etc.

Of course, as you say, files like robots.txt , and there is an MSN xml file, and both Google and Yahoo have files that they access. It would be ideal to still let them access those few files.

Well, that makes the pattern a bit more complex, but it's do-able:

Options +FollowSymLinks
RewriteEngine on
#
RewriteCond %{REMOTE_ADDR} !^123\.45\.67\.89$
RewriteCond %{REQUEST_URI} !/maintenance_page\.html$
RewriteRule ^([^/]*/)*(([^.]+\.)+(php|s?html?))?$ http://www.example.com/maintenance_page.html [R=302,L]

The pattern now matches requests for .html, .htm, .shtml, .shtm, and .php files, and directory-index requests (URL-paths ending with a slash).

Jim

Thanks very much Jim. :)

With that modified rule, I now get a 500 error.

...Later - it's okay, it was some php error that was causing the 500 for some reason. The error logs didn't show anything for 10 or 15 mins, and then they showed the problem.

Thanks. :)