The .htaccess file is a distributed configuration mechanism for the Apache HTTP Server that lets you override server‑wide settings at directory level. Typical directives fine‑tune security, performance and redirection behaviour without requiring root access or a full server restart.
This generator assembles modular rule sets—HTTPS enforcement, canonical host redirects, compression, caching, header hardening and more—into a single, syntactically valid file. Each section is independent, allowing you to add, remove or reorder functionality as site requirements evolve.
You choose components, review the live preview, then copy or download the finished file for immediate deployment on shared hosting, staging or production environments. Always back up existing configurations before replacement.
Concept Overview — Apache inspects .htaccess directives on every request, applying them after the main configuration. Rules cascade down the directory tree, enabling per‑site or per‑folder control. Webmasters commonly use this mechanism to enforce HTTPS, guard against click‑jacking, compress text assets, and instruct browsers on cache lifetimes.
| Category | Typical Directive | Primary Goal |
|---|---|---|
| Redirection | RewriteRule | Force HTTPS or canonical host |
| Caching | ExpiresByType | Leverage browser cache |
| Compression | AddOutputFilterByType | Reduce payload size |
| Security Headers | Header set | Mitigate common attacks |
| Access Control | Require not ip | Block abusive sources |
Interpretation Bands — For caching, lifetimes below one day favour rapid content turnover; 7‑30 days suit static media; above 180 days fit versioned assets. Security headers follow best‑practice values recommended by OWASP and Mozilla Observatory. Misconfigured patterns may trigger 500 Internal Server Error responses.
| Parameter | Meaning | Allowed Values | Sensitivity |
|---|---|---|---|
| days | Browser cache lifetime | 0–365 | High |
| mode | Redirect direction | nonwww_to_www | www_to_nonwww | Medium |
| domain | Allowed referrer for images | Valid host | High |
| headers[] | Security header toggles | Boolean | High |
| list | IP block list | CIDR / single IP | High |
Worked Example — 30‑day caching
Setting ExpiresDefault "access plus 30 days" instructs browsers to cache eligible assets for 2 592 000 seconds. Combined with Header set Cache‑Control "max‑age=2592000, public", future requests within that window read from local storage, reducing server load and latency.
mod_rewrite, mod_headers) at server level.FollowSymLinks or advanced security headers.RewriteRule may yield redirect loops.Guidance aligns with Apache HTTP Server documentation, RFC 7234 caching specifications, and community security‑header benchmarks published by OWASP and Mozilla Observatory.
No personal data is processed; the file is assembled entirely client‑side and downloaded locally, supporting GDPR‑friendly workflows.
A plain‑text configuration file Apache reads on every request, enabling directory‑level overrides for redirects, caching, security and access control.
No. All selections and generated text stay in your browser; nothing is transmitted or saved on any server.
Yes. The server interprets rules top‑to‑bottom, so place general redirects before file‑type‑specific directives for predictable results.
No. Nginx uses a different configuration syntax; convert rules manually or with a dedicated converter before use.
Download your current .htaccess as a backup first. Restoring the previous file via FTP or SSH reverts behaviour instantly.