The rule means that requests to /test/status/ will be redirected to /rewrite-status the url will be rewritten. /test/status/ %{context-path}/rewrite-status ^/StartAuthentication$ /dispatcher?mod=id_saml1&action=GetArtifact ^/StartAuthentication\?(.*)$ /dispatcher?mod=id_saml1&action=GetArtifact&$1 ^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)$ /dispatcher?mod=$1&action=$2 ^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)\?(.*)$ /dispatcher?mod=$1&action=$2&$3 ^/pvp2/metadata$ /dispatcher?mod=id_pvp2x&action=Metadata&%{query-string} ^/pvp2/redirect$ /dispatcher?mod=id_pvp2x&action=Redirect&%{query-string} ^/pvp2/post$ /dispatcher?mod=id_pvp2x&action=Post&%{query-string} ^/PVP2Soap$ /dispatcher?mod=id_pvp2x&action=Soap The outbound-rule specifies that when response.encodeURL is called (if you are using JSTL c:url) the url /rewrite-status will be rewritten to /test/status/. The above rule and this outbound-rule means that end users should never see the url /rewrite-status only /test/status/ both in thier location bar and in hyperlinks in your pages. /rewrite-status /test/status/