⚙️

.htaccess Generator

Build Apache .htaccess rules for redirects, HTTPS enforcement, cache control, hotlink protection and custom error pages. Copy-ready output. Free, browser-based.

💻 Developer Tools Free Browser-based

Tool

Enable the sections you need, configure the options, then click Generate.

Force HTTPS Redirect all HTTP → HTTPS

Redirects every HTTP request to the secure HTTPS equivalent using a 301 permanent redirect.

WWW Redirect Force www or non-www

Direction

Custom Redirect 301 or 302 redirect a path

From path

To URL

Type

Browser Caching Cache static assets

Cache duration

Hotlink Protection Block image leeching

Your domain

Custom Error Pages 404, 403, 500

404 page

403 page

500 page

Disable Directory Listing Hide folder contents

Prevents Apache from showing a list of files when no index file is present in a directory.

Generated .htaccess

What Is .htaccess?

An .htaccess file is a per-directory configuration file for the Apache web server. It overrides the main server config for requests within that directory tree, allowing you to set up redirects, authentication, caching headers and security rules without restarting the server.

Common Use Cases

Rule	Purpose
Force HTTPS	Redirect all HTTP traffic to secure HTTPS
WWW redirect	Canonicalise domain to www or non-www
Browser caching	Tell browsers to cache CSS/JS/images locally
Hotlink protection	Block other sites from embedding your images
Custom error pages	Show branded 404/403/500 pages
Disable directory listing	Prevent visitors from browsing your file tree

Important Notes

Apache must have AllowOverride All set in its virtual host configuration for .htaccess files to take effect. Ensure mod_rewrite is enabled (a2enmod rewrite on Debian/Ubuntu). Always back up your existing .htaccess before overwriting it — a syntax error causes a 500 Internal Server Error for all visitors immediately.

Security Rules Worth Adding to Every Site

Force HTTPS — redirects all HTTP traffic to the secure version, preventing mixed-content warnings and protecting data in transit.
Disable directory listing — without an index file, Apache shows a directory listing. Options -Indexes prevents visitors from browsing your file tree.
Block access to sensitive files — use FilesMatch to deny HTTP access to .env, composer.json, .git and other files that should never be web-accessible.
Protect .htaccess itself — wrap the file in a <Files .htaccess> Require all denied </Files> block so it cannot be downloaded via HTTP.
Add security headers — X-Frame-Options DENY prevents clickjacking; X-Content-Type-Options nosniff prevents MIME sniffing attacks.

Require all denied . This denies HTTP access to those file extensions regardless of what directory they are in.'], ]" />