What would be the better way to display site under maintenance for php websites .Is there any configuration in IIS or Php.ini file that i can use of .Or should i just load a offline page based on my parameter in config file .So if the parameter is true load the offline.html or if it is 0 load login page. Please let me know your thoughts about it .
-
2Just use index.php with a fancy message. – HamZa Feb 04 '15 at 22:56
-
1Or very simply, you could just do it into your website files, just add a redirect to a offline page. – Scott Powell Feb 04 '15 at 22:57
-
Please take a look at my answer... I tottaly agree with Chris, however, there are some possible security holes in this solution. – Jacek Kowalewski Feb 04 '15 at 23:16
3 Answers
Usually index.html
takes precedence over index.php
, if you're using the Apache defaults. Just add an index.html
file with the maintenance message and then delete it once you're done.
Jacek is right - this doesn't stop anyone from accessing anything other than the site's main index.php
.

- 6,145
- 3
- 19
- 31
-
Today I learned. [Further reading...](http://stackoverflow.com/questions/7873634/why-does-index-html-have-priority-over-index-php) – HamZa Feb 04 '15 at 23:09
-
Please, take a look at my answer, I found a great idea for that :). Hope it will help. – Jacek Kowalewski Feb 04 '15 at 23:29
You can use a .htaccess
file in your web directory to keep people from accessing your site while its under maintenance. Put it in your root and add something like:
Order Deny,Allow
Deny From All
<Files ~ "index.html$">
Allow from all
</Files>
Then people will only be able to acces the index.html file. Make that some Under Maintenance page.

- 10,614
- 5
- 24
- 35
-
dan08 considering the intended use of this. Your .htaccess rule should include a way for the site owner to still access the pages so they can verify the update was a success prior to removing the .htaccess rule. Perhaps exempting their IP from the redirect – greg_diesel Feb 04 '15 at 23:22
-
Thats is a good idea, however, there are sometimes many machines under one IP. Take a look at my answer, I had come with something really interesting :). – Jacek Kowalewski Feb 04 '15 at 23:30
I added +1 to Chris answer, and then realised there are really important security issues with it. OK, index.php
has lower priority then index.html
, but it doesn't mean, that user cannot enter in the browser for example: www.address.com/something. In that case, it is really unpredicted how will the site response. In some CMS it will load subpage, and in some other not... Sometimes in .htaccess
there are all unknown to index.php redirections...
In that case, if you are making changes on your site (online - which you shouldn't) during the index.html
overwrite remember that everything You are changing can possibly be reached by the user. So if you change login system, and there will be an error that everyone can login without password, someone can enter some other URL, or travel to your page from google and destroy something.
To make it an answer: you can overwrite default main page with index.html, but it is really a good idea to change .htaccess to rewrite all to index.html, just for safety during file editing or uploading.
PS. I think this was worth to mention in new answer, as this is really a huge security hole.
UPDATE
I found a great idea. If all your requests are redirected to index.php - which usually are, if you want, you can write a simple if in index.php:
if ($_SERVER['HTTP_USER_AGENT'] != 'wfuia eu2348 1029 38efoa ojei') {
echo 'Site under maintence';
}
else {
// Your old index.php
}
Then, change you user agent to: 'wfuia eu2348 1029 38efoa ojei', and feel free to test everything. I think this is safe enough to test site for few minutes and remove those few lines after. The user agent should be complicated, and the only way to hack it, is to take over Your internet transmission packages, and rewrite it, which is not so obvious. Hope it helps.

- 2,761
- 2
- 23
- 36