How to use the .htaccess generator
Click any rule button at the top to add it to your configuration. Each rule appears as a card that you can enable, disable, or remove. For redirect rules, enter the source path and destination URL. For IP blocking, enter the IP address. For hotlink protection, enter your domain pattern (escaped dots like example\.com).
The generated .htaccess code updates in real time on the right panel. You can add multiple rules of the same type—for example, several 301 redirects for a site migration. Use the checkboxes to temporarily disable rules without removing them, which is useful for testing different configurations.
When your configuration looks correct, click "Copy" to copy the entire file to your clipboard, or "Download" to save it as an .htaccess file. Upload the file to the root directory of your Apache web server. Always keep a backup of your existing .htaccess before replacing it, and test the new configuration by visiting your site to verify redirects and rules work correctly.
Essential .htaccess rules for every website
Force HTTPS is arguably the most important rule for any modern website. Unencrypted HTTP connections expose user data to interception, hurt SEO rankings, and trigger browser security warnings. The force HTTPS rule uses mod_rewrite to permanently redirect all HTTP requests to their HTTPS equivalent. This should be the first rule in your .htaccess file.
Gzip compression dramatically reduces the size of text-based responses. HTML, CSS, JavaScript, JSON, XML, and SVG files are highly compressible—typically 60-80% smaller after gzip. This means faster page loads, lower bandwidth costs, and better Core Web Vitals scores. The mod_deflate module handles this compression transparently.
Browser caching via mod_expires tells browsers to cache static assets locally for a specified duration. When a returning visitor loads your page, their browser serves CSS, JavaScript, and images from local cache instead of downloading them again. Setting image and font caches to one year and CSS/JS caches to one month is a common configuration that balances freshness with performance.
Security rules and access control
Disabling directory listing prevents visitors from browsing your file structure when no index file exists in a directory. Without this rule, Apache displays a list of all files and subdirectories, potentially exposing sensitive files like configuration backups, database dumps, or development scripts.
IP blocking is useful for banning specific addresses that are attacking your site, scraping your content, or generating spam. The RequireAll directive works with Apache 2.4 and later. For older Apache versions, use Order/Deny/Allow directives. Be careful not to block legitimate users or your own IP address.
Hotlink protection prevents other websites from embedding your images, videos, or other media directly from your server. Without protection, hotlinking can consume your bandwidth without providing any traffic to your site. The rule checks the HTTP Referer header and blocks requests that originate from domains other than your own.
Frequently Asked Questions
What is an .htaccess file?
An .htaccess (hypertext access) file is a directory-level configuration file for Apache web servers. It allows you to configure redirects, URL rewriting, access control, compression, caching, and error pages without modifying the main server configuration. The file is placed in the root directory (or any subdirectory) of your website and is processed on every request.
Does .htaccess work with Nginx?
No. .htaccess is specific to Apache HTTP Server. Nginx uses its own configuration format in server block files. If your site runs on Nginx, you need to translate .htaccess rules into Nginx config syntax. Many hosting providers use Apache by default, but cloud platforms like AWS and containerized deployments often use Nginx.
How do I force HTTPS with .htaccess?
Use mod_rewrite to check if HTTPS is off and redirect to the HTTPS version. The rule checks the %{HTTPS} server variable and issues a 301 redirect. This ensures all HTTP traffic is permanently redirected to HTTPS, which is essential for security and SEO. Make sure your SSL certificate is installed before enabling this rule.
What is the difference between 301 and 302 redirects?
A 301 redirect is permanent—it tells search engines to transfer all ranking value to the new URL. A 302 redirect is temporary—it signals that the original URL may return in the future. Use 301 for permanent URL changes (site migration, page restructuring) and 302 for temporary situations (A/B testing, maintenance pages).
Can .htaccess slow down my site?
Yes, if overused. Apache reads .htaccess files on every request and checks every parent directory for .htaccess files. Complex rewrite rules or excessive files can add latency. For production sites, moving rules to the main server configuration (httpd.conf or virtual host) is faster because those files are loaded once at server startup.
How do I enable gzip compression?
Use mod_deflate with AddOutputFilterByType directives. This compresses text-based responses (HTML, CSS, JavaScript, JSON, XML, SVG) before sending them to the browser. Gzip compression typically reduces file sizes by 60-80%, significantly improving page load times. Most modern browsers support gzip and brotli compression.
Privacy and methodology
This tool runs entirely in your browser. .htaccess rules are generated using template-based string construction with your provided inputs. No data is sent to any server. The generated code follows Apache 2.4 syntax and uses standard modules (mod_rewrite, mod_deflate, mod_expires). Always test generated configurations in a staging environment before deploying to production.