Masquerading Your CGI/PHP Scripts as Static HTML Pages

Make your dynamic pages look like static HTML pages with a .htaccess trick

Masquerading Your CGI/PHP Scripts as Static HTML Pages

by Christopher Heng,

Once in a way, I get the occasional query from visitors to asking how they can hide their CGI or PHP scripts so that while the visitor thinks he/she is receiving a page like, he/she is actually getting the output of your script at The URL that is displayed in the visitor's browser remains "pagename.html", but the web server actually executes "scriptname.cgi". There are a few ways in which this can be accomplished without the visitor knowing any different. This article will show you a couple of methods, depending on what you're trying to accomplish.

System Requirements

For the methods listed below to work, the following are required:

  1. Your site must be hosted on an Apache Web Server.
  2. The server must be configured to allow .htaccess overrides.
  3. For the first method listed below to work, the Apache module mod_rewrite must be installed.

A. Masking Individual Dynamic Pages as Static Pages

Steps to Changing the File Type Without Changing the Extension

This section deals with one way to make certain dynamically generated pages appear as static HTML pages. To mask, say, as, take the following steps:

  1. Use an ASCII text editor and type in the following lines:

    RewriteEngine on
    RewriteBase /scripts/
    RewriteRule ^pagename\.html$ scriptname.php [T=application/x-httpd-php]

    Remember: you need an ASCII text editor for this. Do not use a word processor like Microsoft Word, Star Office or Wordpad. If you use Windows, you can find an ASCII text editor called Notepad in your Programs | Accessories menu. Or you can get one of the many free text editors available on the Internet from's Free ASCII Text Editors page at

  2. Save the file as ".htaccess" (without the quotes) and upload it into the directory of the script. In the case of the above example, save it into the scripts directory.

    If you are using Notepad, you have to save it as ".htaccess" (with the quotes) in order to force Notepad to save your file as ".htaccess". Otherwise it'll automatically add a ".txt" suffix.

  3. Create your script and upload it into that same directory, giving it the name scriptname.php (or whatever name you put into your RewriteRule in your .htaccess file).

    You should now test it by calling the script in your browser using (the "fake" name) to see if it works.

Customizing the .htaccess for Your Script

Here's how to customise the above .htaccess for your situation.

  1. If you place your scripts in another directory, change the RewriteBase line accordingly. For example, if you place it in a directory called "fakefiles", change it to

    RewriteBase /fakefiles/
  2. If you are trying to masquerade a CGI script named, say, scriptname.cgi as pagename.html, change the RewriteRule to:

    RewriteRule ^pagename\.html$ scriptname.cgi [T=application/x-httpd-cgi]

How It Works

Basically the above .htaccess lines tell the mod_rewrite module to rewrite any requests to, say, pagename.html internally to scriptname.php. At the same time, it changes the MIME type of the document to that of the PHP MIME type so that the server will do the right thing with the document. The visitor's browser will continue to display the pagename.html URL, since all this rewriting occurs behind the scenes without the client (browser or search engine) knowing what has transpired.

B. Making All Static Pages Parse as Dynamic Pages

If your intention is to have your whole site appear as static HTML pages while in reality being generated by (say) PHP, instead of only isolated pages as is assumed above, a simpler method than that outlined above is to simply add the following line to your .htaccess file:

AddType application/x-httpd-php .html

You would then name all your PHP scripts with a ".html" extension instead of the usual ".php".

In such a case, you would not need mod_rewrite to be loaded as an Apache module.

Potential Loopholes and How to Fix Them

When Apache serves a static web page, it will also issue a "Last-modified" header to the requesting client (such as a visitor's web browser). This "Last-modified" header tells the browser (or proxies or other clients) the date that the document was last changed. It allows browsers and proxies to know when it must reload the document to get the latest version. The header is not issued when a dynamically generated document is served - that is, it is not served when documents with server side includes (SSI) (such as *.shtml documents) and documents generated by scripts (such as PHP or Perl) are served.

When you use either of the above methods to serve your dynamic pages, the web server will also not generate this "Last-modified" header even though it may appear to your visitors as though it is receiving a ".html" file.

This has the advantage that your page will probably not be cached by proxy servers or certain browsers. This ensures that visitors get the latest version of your page.

The disadvantage of this, however, is that if you are really trying to pretend your page is a HTML document (for whatever reason), this lack of a "Last-modified" header will give the game away.

If your Apache web server has something known as the XBitHack compiled in, it is possible to force the server to issue the "Last-modified" header. The header will give the time your script was last modified as the date, regardless of whether your script will generate new information on each invocation.

To enable it, add the following line to your .htaccess file:

XBitHack full

Then make sure that your script has the group-execute bit set. If you usually chmod your scripts to either 0755, 0711, 0750, or 0710, you would have already fulfilled this requirement.

Think carefully before you enable this setting. There are many people in the world surfing the web through proxies. When you enable the XBitHack setting, these people might end up viewing an old copy of your page saved in the proxy's cache. This is especially so if your script can generate different output even when you have not modified the script file itself.

To Masquerade Or Not to Masquerade

In general, if you do not have a compelling reason why your dynamically generated page must appear as a static document, it is best to avoid using the above methods. All this chicanery adds to your server load, possibly affecting the speed of the delivery of your documents (depending on how many visitors are hitting your site each moment, of course).

Furthermore, if your purpose is simply to avoid dead links on your site (for example, when you've changed a previously static page to a dynamic one), the above method is not only an overkill, but your visitors will probably also never update their bookmarks since, to them, the URL still works fine. In fact, new visitors bookmarking your site will also end up adding that obsolete URL to their bookmarks, since that is the URL that will appear in their browser's location bar. In such an instance, you might be better off using the "Redirect" directive in your .htaccess file. (See the article Changing Web Hosts - Tips on Moving Your Website at for more information on this directive.)

Nonetheless, it is a useful tool, and when used appropriately, can go a long way to make your site more usable.

Copyright 2001-2007 by Christopher Heng. All rights reserved.
Get more free tips and articles like this, on web design, promotion, revenue and scripting, from

thesitewizard™ News Feed (RSS Site Feed)  Subscribe to newsfeed

Do you find this article useful? You can learn of new articles and scripts that are published on by subscribing to the RSS feed. Simply point your RSS feed reader or a browser that supports RSS feeds at You can read more about how to subscribe to RSS site feeds from my RSS FAQ.

Please Do Not Reprint This Article

This article is copyrighted. Please do not reproduce or distribute this article in whole or part, in any form.

Related Pages

New Articles

Popular Articles

How to Link to This Page

It will appear on your page as:

How to Masquerade Your CGI/PHP Scripts as Static HTML Pages

Link to Us
Site Map

Getting Started
Web Design
Search Engines
Revenue Making
Web Hosting
Perl / CGI
.htaccess / Apache


Free webmasters and programmers resources, scripts and tutorials Free How-To Guides
Site Design Tips at
Find this site useful?
Please link to us.