SysAdmin Tools

.htaccess Generator

Generate Apache .htaccess rules for HTTPS redirects, www canonicalisation, caching, compression, and security hardening.

.htaccess preview
# No rules configured yet
# Enable options on the left to generate your .htaccess file

An .htaccess generator lets you create Apache server configuration rules visually without writing a single line of Apache syntax from memory. The .htaccess file (hypertext access) is a per-directory configuration file that Apache reads on every request, allowing you to control redirects, security rules, caching, compression, and error handling at the directory level without touching the main server configuration.

Getting .htaccess rules right is notoriously difficult. Apache's mod_rewrite syntax is powerful but cryptic — a missing [L] flag, a wrong regular expression anchor, or a forgotten RewriteEngine On directive can make an entire site redirect loop or return unexpected errors. This generator handles the syntax for you: toggle the options you need, and the tool builds a correctly formatted file in real time that you can copy or download.

The generator covers the most common use cases: forcing HTTPS to encrypt all traffic, redirecting between www and non-www to consolidate your SEO link equity, enabling gzip compression to speed up page loads, setting browser caching headers to reduce repeat visitor load times, and hardening your server with security rules that block directory listing, hide sensitive files, and prevent image hotlinking. Each section is independently configurable — enable only what your project needs.

The generated .htaccess file is compatible with Apache 2.4 and uses standard modules: mod_rewrite, mod_deflate, mod_expires, and mod_headers. All directives include comments explaining what each block does, making the output easy to understand and extend.

How to Use the .htaccess Generator

  1. 1

    Configure your redirect rules

    Toggle HTTPS enforcement and choose your www preference — force www, force non-www, or leave as-is. These two settings affect how search engines and browsers resolve your domain and should match your SSL certificate.

  2. 2

    Add security and performance options

    Enable gzip compression to reduce page transfer sizes by 60–80%, set browser caching durations for static assets, and toggle security rules such as disabling directory listing and blocking access to hidden files like .env and .git.

  3. 3

    Set custom error pages and redirects

    Enter paths for 404, 403, and 500 error pages to show branded error messages instead of Apache defaults. Add custom 301 redirects for old URLs that have moved to new locations.

  4. 4

    Copy or download the file

    The right panel shows your generated .htaccess in real time. Click "Copy to Clipboard" to paste it directly, or click "Download .htaccess" to save the file with the correct hidden filename ready for upload.

  5. 5

    Upload to your server root

    Upload the .htaccess file to the root of your website (the public_html or www directory). Rules apply immediately — no server restart required. Test your redirects in a browser and check Apache error logs if something behaves unexpectedly.

Understanding .htaccess Directives

Apache reads the .htaccess file on every incoming request and applies the directives in order from top to bottom. The most important module is mod_rewrite, which provides RewriteEngine, RewriteCond, and RewriteRule. Rules are processed sequentially, and the [L] flag stops processing after a match. Conditions (RewriteCond) must all match before the following RewriteRule fires. Performance directives — mod_deflate for gzip and mod_expires for caching — reduce the bytes transferred on each request and the number of requests the browser makes. Security directives prevent information disclosure: Options -Indexes hides directory listings, <FilesMatch> blocks access to sensitive files, and referer-based rules prevent other sites from hotlinking your images and consuming your bandwidth.
FieldDescription
RewriteEngine OnMust appear before any RewriteRule or RewriteCond. Enables the mod_rewrite engine for the current directory.
RewriteCondA condition that must be true for the following RewriteRule to fire. Multiple conditions are ANDed together by default.
RewriteRuleDefines the URL pattern to match and the target to rewrite or redirect to. Flags like [L,R=301] control behaviour.
ErrorDocumentMaps an HTTP status code to a custom page path. ErrorDocument 404 /404.html shows your branded 404 page.
Options -IndexesDisables directory listing. Without this, Apache shows file lists for any directory that lacks an index.html.
mod_expiresSets browser caching (Expires headers) per file type. Longer cache durations reduce bandwidth and repeat visitor load times.
mod_deflateEnables gzip compression of text-based responses. Reduces transfer size by 60–80% for HTML, CSS, and JavaScript.

Common .htaccess Use Cases

Force HTTPS on every page

The most critical redirect for any modern website. Redirecting HTTP to HTTPS ensures all traffic is encrypted and prevents the browser from showing "Not Secure" warnings. It also consolidates PageRank to the HTTPS version of your pages.

Canonicalise www vs non-www

Google treats www.example.com and example.com as separate URLs. Consistently redirecting one to the other consolidates your link equity to a single canonical domain, improving SEO and preventing duplicate content penalties.

Improve page speed with caching and compression

Browser caching tells visitors' browsers to store static assets locally for days or months, dramatically reducing load times on return visits. Combined with gzip compression, these rules can cut page weight by 70% and shave seconds off load time.

Harden server security

Block directory listing so attackers cannot see your file structure, protect the .htaccess file itself from web access, block .env and .git directories from being served, and prevent hotlinking that would drain your bandwidth allowance.

.htaccess Generator — Frequently Asked Questions

What is a .htaccess file?
A .htaccess (hypertext access) file is a per-directory configuration file that Apache web server reads on every request. It lets you override server settings for a specific directory without editing the main Apache config. Common uses include URL redirects, HTTPS enforcement, custom error pages, caching rules, and access control. The file is named with a leading dot which makes it hidden on Linux systems.
How do I force HTTPS redirect in .htaccess?
Enable the "Force HTTPS" toggle in this generator. The output uses RewriteEngine On, a RewriteCond checking if HTTPS is off, and a RewriteRule that redirects all requests to the https:// version with a 301 permanent redirect. This approach requires mod_rewrite to be enabled on your Apache server, which it is by default on most shared hosting providers.
How do I redirect www to non-www (or non-www to www)?
Choose your preferred version in the WWW Redirect section of the generator. "Force non-www" adds a rule that detects a www prefix in the host and removes it. "Force www" adds the prefix if it is missing. Use whichever matches the version you set as canonical in Google Search Console. The redirect is always 301 (permanent) to preserve SEO value.
Where do I upload my .htaccess file?
Upload the .htaccess file to the root directory of your website — typically public_html, www, or httpdocs depending on your hosting control panel. The rules apply to that directory and all subdirectories below it. You can also place .htaccess files in subdirectories to apply different rules to specific sections of your site. Use FTP, SFTP, or your hosting file manager to upload.
Why is my .htaccess file not working?
The most common causes are: mod_rewrite not enabled on the server, AllowOverride not set to All in the Apache virtual host (which prevents .htaccess from being read), a syntax error in the file, or the file being uploaded with the wrong name (missing the leading dot). Check your Apache error log for specific error messages. On cPanel hosting you can enable mod_rewrite from the Apache Handlers section.
What is mod_rewrite in Apache?
mod_rewrite is an Apache module that provides a rule-based URL rewriting engine. It uses regular expressions to match incoming URLs and can rewrite them internally or redirect the browser to a different URL. It is the engine behind HTTPS enforcement, www canonicalisation, pretty URLs (removing .php extensions), and most other URL manipulation in .htaccess files. It must be enabled with RewriteEngine On before any rules are processed.
How do I enable gzip compression in .htaccess?
Enable the "Gzip Compression" toggle in the generator. This adds a mod_deflate block that compresses HTML, CSS, JavaScript, JSON, XML, SVG, and plain text responses before sending them to the browser. Compression typically reduces transfer sizes by 60–80%, resulting in faster page loads, lower bandwidth consumption, and better Core Web Vitals scores. Most shared hosting providers have mod_deflate enabled by default.
How do I set browser caching rules in .htaccess?
Enable the "Browser Caching" toggle and select a cache duration (1 month, 6 months, or 1 year). The generator adds a mod_expires block that instructs browsers to cache images, CSS, JavaScript, and font files locally. On return visits the browser loads assets from its local cache instead of downloading them again, dramatically reducing page load time. Use 1 year for assets with versioned filenames (e.g. main.a1b2c3.css) and shorter durations otherwise.
Can I use .htaccess on Nginx servers?
No. .htaccess is an Apache-specific feature. Nginx does not read .htaccess files at all — Nginx configuration must be written in nginx.conf or a site-specific server block file, which typically requires server-level access. If you are on Nginx and need equivalent rules (HTTPS redirect, caching, compression), these are configured in the Nginx site config, often located in /etc/nginx/sites-available/.
How do I block access to hidden files like .env using .htaccess?
Enable the "Block access to hidden files" security toggle in this generator. It adds a FilesMatch rule that blocks any file whose name starts with a dot — covering .env, .git, .htpasswd, and similar sensitive files. Without this rule a visitor could potentially read your .env file by navigating directly to https://yourdomain.com/.env, exposing database credentials and API keys.

Related Tools

SSL Checker

Verify your HTTPS certificate is valid after adding the HTTPS redirect rule.

Security Headers

Audit HTTP security headers to complement your .htaccess hardening rules.

Redirect Checker

Trace the full redirect chain after deploying your .htaccess redirect rules.