Htaccess Generator
Web ToolsGenerate Apache .htaccess files with redirects, URL rewrites, password protection, compression, caching, and security headers.. Free, private — all processing in your browser.
This tool is coming soon. Check back later!
The Htaccess Generator creates Apache .htaccess configuration files for common site-management tasks: redirects (301/302), URL rewriting, canonical redirects (www/non-www, HTTP to HTTPS, trailing slash), password protection, IP blocking, compression, browser caching, security headers, and custom error pages. Apache is still widely used (shared hosting, WordPress hosting, LAMP stack sites) and .htaccess is the standard way to configure per-directory rules without editing the main server config.
Configure via structured forms — pick what you want (redirect, password protect, gzip, etc.), fill in parameters, and the tool generates syntactically correct .htaccess output. Presets cover common scenarios: force HTTPS, redirect www to non-www (or vice versa), block specific IPs, password protect a directory, enable compression and caching, add security headers like X-Frame-Options and Content-Security-Policy. All generation runs client-side — server paths and IP addresses stay in your browser.
Htaccess Generator — key features
Common presets
Quick templates for HTTPS redirect, www canonical, WordPress, security hardening.
Redirect builder
Structured form for 301/302 redirects with source and destination URLs.
Rewrite rules
Generate mod_rewrite rules with conditions and flags.
Password protection
Generate AuthType Basic configuration with htpasswd reference.
Compression and caching
Ready-to-use mod_deflate and mod_expires blocks for performance.
Security headers
HSTS, X-Frame-Options, X-Content-Type-Options, CSP directives via Header directive.
IP blocking
Block single IPs or CIDR ranges via Require directives.
Client-side generation
All rules assembled locally; server paths stay in your browser.
How to use the Htaccess Generator
- 1
Pick tasks
Select which features you need: redirect, force HTTPS, compression, caching, security headers, password protection, etc.
- 2
Configure each
Fill in parameters via structured forms (redirect sources, IP addresses, cache durations).
- 3
Preview
Review the generated .htaccess before using.
- 4
Download or copy
Save as .htaccess or copy to clipboard for deployment.
- 5
Upload to server
Place .htaccess in your site’s document root or the specific directory you want rules to apply to.
Common use cases for the Htaccess Generator
SEO and redirects
- →Force HTTPS: Redirect all HTTP traffic to HTTPS with a single 301 redirect rule.
- →Canonical redirect: Redirect www to non-www (or vice versa) to consolidate authority on one URL form.
- →Old-to-new URL mapping: Generate bulk 301 redirects for a site migration or URL restructuring.
Security
- →Password protect staging: Add Basic Auth to staging or admin directories to prevent unauthorized access.
- →Block malicious IPs: Deny specific IPs or CIDR ranges that have been attacking your site.
- →Security headers: Add HSTS, CSP, X-Frame-Options to harden your site without code changes.
Performance
- →Enable gzip compression: Reduce page size with mod_deflate for common content types.
- →Browser caching: Tell browsers to cache static assets for long periods using mod_expires.
- →Hotlink protection: Prevent other sites from embedding your images and consuming bandwidth.
Htaccess Generator — examples
Force HTTPS
Redirect all HTTP to HTTPS.
force HTTPS preset
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]301 redirect
Specific path redirect.
from /old-path to /new-path
Redirect 301 /old-path https://example.com/new-path
WWW canonical
Redirect non-www to www.
non-www to www
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]Password protect
Basic auth for directory.
protect /admin
AuthType Basic AuthName \"Admin Area\" AuthUserFile /path/to/.htpasswd Require valid-user
Cache static assets
Aggressive caching for images and CSS.
1 year cache for images, 1 month for CSS
<IfModule mod_expires.c> ExpiresActive On ExpiresByType image/jpg \"access plus 1 year\" ExpiresByType text/css \"access plus 1 month\" </IfModule>
Technical details
.htaccess uses Apache directive syntax. Common sections:
RewriteEngine On — required to enable mod_rewrite.
Redirects (permanent vs temporary):
Redirect 301 /old-path https://example.com/new-path
RewriteRule variant (more flexible):
RewriteRule ^old-path/?$ /new-path [R=301,L]
Force HTTPS:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Force www (or non-www):
RewriteCond %{HTTP_HOST} ^example\\.com$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
Password protection (Basic Auth):
AuthType Basic
AuthName \"Restricted Area\"
AuthUserFile /path/to/.htpasswd
Require valid-user
The .htpasswd file contains hashed credentials separately.
IP blocking:
<RequireAll>
Require all granted
Require not ip 192.0.2.1
Require not ip 203.0.113.0/24
</RequireAll>
Compression (mod_deflate):
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json
</IfModule>
Browser caching (mod_expires):
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg \"access plus 1 year\"
ExpiresByType image/png \"access plus 1 year\"
ExpiresByType text/css \"access plus 1 month\"
ExpiresByType application/javascript \"access plus 1 month\"
</IfModule>
Security headers:
Header set X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
Header set Strict-Transport-Security \"max-age=31536000; includeSubDomains\"
Custom error pages:
ErrorDocument 404 /404.html
ErrorDocument 500 /500.html
Directory index:
DirectoryIndex index.html index.php
Hotlink protection (prevent others from embedding your images):
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\\.)?example\\.com/ [NC]
RewriteRule \\.(jpg|jpeg|png|gif)$ - [F,NC]
Limits:
- .htaccess is parsed on every request, adding latency. For performance, move rules to main Apache config when possible
- .htaccess requires AllowOverride in main config to work
- Complex rules can become hard to debug; test thoroughly
nginx doesn\u2019t use .htaccess. For nginx, these rules go in the server block.
Common problems and solutions
⚠Server returns 500 after upload
.htaccess syntax errors cause 500 errors. Check server error log for the specific line. Common issues: unquoted spaces, missing module (mod_rewrite not enabled), wrong directive names.
⚠AllowOverride restricts rules
If AllowOverride None in Apache main config, .htaccess directives are ignored. Your host must set AllowOverride All or at least AllowOverride FileInfo to enable redirects and rewrites.
⚠Module not enabled
mod_rewrite, mod_deflate, mod_expires must be enabled in Apache. Shared hosts usually have these enabled; self-hosted Apache may not. Check with phpinfo() or server docs.
⚠Redirect loop
A rule that matches its own output creates infinite redirects. Use RewriteCond to prevent the rule from applying after the desired transformation.
⚠Order matters
Directives are processed top to bottom. A catch-all redirect at top prevents later specific rules from running.
⚠nginx doesn’t use .htaccess
nginx ignores .htaccess files. If your site is on nginx, these rules must be translated to nginx server block syntax.
⚠Performance overhead
.htaccess is re-parsed on every request. For maximum performance, move rules to main Apache config. For most sites, the overhead is negligible.
Htaccess Generator — comparisons and alternatives
Compared to writing .htaccess by hand, this tool provides structured forms and valid syntax. Hand-writing is possible but error-prone for complex rules.
Compared to CMS security plugins (iThemes, Wordfence), this tool gives low-level control over Apache configuration. Plugins offer application-level security; .htaccess works at the server level.
Compared to nginx configuration tools, this tool is Apache-specific. For nginx, use nginx-specific configuration generators instead.
Frequently asked questions about the Htaccess Generator
▶What is .htaccess?
A per-directory configuration file for Apache web servers. Placed in your document root (or any subdirectory), it applies Apache directives to that directory and its subdirectories. Used for redirects, rewrites, authentication, caching, and security settings.
▶Does .htaccess work on nginx?
No. nginx doesn’t support .htaccess files. If your site is on nginx, you need to translate these rules to nginx server block syntax and place them in the nginx configuration.
▶How do I force HTTPS with .htaccess?
Add: RewriteEngine On / RewriteCond %{HTTPS} off / RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]. This redirects all HTTP traffic to HTTPS with 301 permanent redirect.
▶Can I password protect a directory?
Yes. Add AuthType Basic, AuthName, AuthUserFile (path to .htpasswd file), and Require valid-user to .htaccess. Then generate the .htpasswd file separately with hashed username/password.
▶Why did my site break after uploading .htaccess?
Most likely a syntax error causing Apache to return 500. Check the server error log for the specific line. Common issues: unknown directives, wrong quoting, or directives requiring modules that aren’t enabled.
▶How do I test my .htaccess?
Upload to a test directory and visit URLs that should be affected. Use curl -I to check headers and redirect behavior. Apache’s error log reveals syntax errors. Online .htaccess testers exist but can’t replicate your exact server environment.
▶Is my IP list private?
Yes. Generation runs in your browser. IP addresses you configure stay local.
▶Should I use .htaccess or server config?
For maximum performance, configure in main httpd.conf or a VirtualHost. .htaccess is easier because you don’t need server access, but it’s parsed on every request. For shared hosting, .htaccess is usually your only option. For dedicated servers, prefer main config.
Additional resources
- Apache .htaccess documentation — Official Apache documentation on .htaccess files.
- mod_rewrite guide — Comprehensive mod_rewrite reference.
- htpasswd generator — Apache htpasswd tool for generating credentials files.
- OWASP Apache hardening — Security best practices for Apache web servers.
- HTML5 Boilerplate .htaccess — Widely-used starter .htaccess with sensible defaults.
Related tools
All Web ToolsCanonical URL Checker
Check canonical URL tags on any page and detect missing, wrong, or conflicting canonicals that cause SEO duplicate content issues.
CSP Header Generator
Generate Content Security Policy headers with a structured form for all CSP directives, trusted sources, and advanced features.
JSON Formatter
Format, validate, and beautify JSON instantly in your browser
Meta Tag Generator
Generate SEO meta tags, Open Graph, Twitter Cards, and canonical tags
Regex Tester
Test and debug regular expressions with live matching and explanation
Robots.txt Generator
Generate robots.txt files with allow and disallow rules, sitemap references, and user-agent targeting to control search engine crawling.
Explore more tools
200+ free tools that run in your browser.
Browse all tools →