.htaccess Generator

Apache .htaccess files are directory level instruction files that guide redirects, caching, access control, and basic security for a site. Many teams look for an apache htaccess redirect rules template so behavior stays consistent across environments and deployments.

You choose the concepts you need and the generator assembles them into a readable file that you can review and copy. Typical choices include redirect strategies, Brotli and Gzip compression, browser cache hints, simple security headers, and custom error pages.

Use the preset menu to drop in a static site, SPA, API, or hardened baseline in one click, then tweak each collapsed section as needed. Force HTTPS, HSTS preload, and legacy header switches update the matching blocks automatically so the generated rules reflect your intent.

A quick preset helps you start clean and then you can remove or reorder sections as your site evolves. The summary surfaces rule count, file size, and any warnings so you can spot issues before shipping.

Each section now opens from a compact advanced toggle with a drag handle, so you can collapse completed blocks, rearrange them quickly, and stay in the same streamlined layout used across other tools.

Test changes in a safe space and roll out gradually. Keep paths precise and prefer small steps when adding powerful rules like global redirects.

Technical Details

.htaccess configuration governs request handling at the directory boundary on Apache HTTP Server. The generator composes text blocks for features such as HTTPS enforcement, host canonicalization, compression, browser caching, response headers, custom error documents, IP restrictions, referrer based hotlink protection, and raw inserts.

The output is plain text with optional section comments, followed by a concise summary of non comment rules, total bytes, and warnings. A shared configuration can be encoded into the page URL and restored later.

Some features rely on specific modules. Rewrite based sections require mod_rewrite; caching and headers use mod_expires and mod_headers; compression uses mod_brotli and mod_deflate. When a module is absent, Apache ignores the guarded block.

Processing pipeline

Check selected sections; if any use rewrites, insert a shared <IfModule mod_rewrite.c>…RewriteEngine On…</IfModule> preamble.
For each section, render its block from current settings.
Optionally prepend a one line comment naming the section.
Join blocks with blank lines and trim trailing space.
Compute non comment rule count, byte size, and warnings.

Worked example

Example selection: Force HTTPS, redirect to www, enable Brotli and Gzip, set cache lifetime to 30 days, add core security headers, and define custom 404/403 pages.

# Force HTTPS
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

# WWW Redirect
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

# Compression
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript application/json image/svg+xml
</IfModule>
<IfModule mod_brotli.c>
AddOutputFilterByType BROTLI_COMPRESS text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript application/json image/svg+xml
</IfModule>

# Browser Cache
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 30 days"
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/html "access plus 1 hour"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
</IfModule>
<IfModule mod_headers.c>
Header set Cache-Control "public, max-age=2592000"
</IfModule>

# Security Headers
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS
Header set Permissions-Policy "geolocation=(), microphone=(), camera=()"
Header set Content-Security-Policy "default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"
</IfModule>

ErrorDocument 404 /404.html
ErrorDocument 403 /403.html

Interpretation: requests will be upgraded to HTTPS, the www host becomes canonical, assets compress efficiently, and browsers receive cache and security guidance.

Variables & parameters

Parameters
Parameter	Meaning	Unit/Datatype	Typical Range	Notes
HTTPS	Redirect all HTTP to HTTPS	Boolean	on/off	Uses `mod_rewrite` with 301.
Host canonicalization	Redirect between bare and `www`	Boolean + target	to `www` or to bare	301 redirects.
Compression	Enable Brotli and Deflate	Boolean	on/off	Content types prelisted.
Cache lifetime	Default expiry window	Number (days)	1 to 365	Min 1 day; sets `Cache-Control`.
Security headers	Add core response headers	Boolean	on/off	Includes CSP with inline allowances.
Error pages	Custom 404 and 403	Paths	Site relative	`/404.html` and `/403.html` suggested.
Block IP	Deny listed sources	IPs or CIDRs per line	—	Uses `Require not ip`.
Hotlink protection	Forbid image embedding	Boolean + allow-list	Domains per line	Skips empty referrers.
Raw snippet	Paste custom rules	Text block	—	Inserted verbatim.

Validation & bounds

Validation rules
Field	Type	Min	Max	Step/Options	Placeholder
Cache lifetime (days)	Number	1	—	1	—
Redirect code	Select	—	—	301, 302	—
Custom 404 path	Text	—	—	—	/404.html
Custom 403 path	Text	—	—	—	/403.html
IPs or CIDRs	Textarea	—	—	one per line	e.g., 192.0.2.0/24
Allowed referrers	Textarea	—	—	one per line	e.g., static.example.com

Diagnostics & warnings

Warns when no custom 404 or 403 path is set.
Warns when a redirect maps the same path to itself.

Privacy & compliance

No data is transmitted or stored server‑side. Generated configuration may influence security posture; review carefully before production deployment.

Step‑by‑Step Guide

Generate a focused .htaccess file that enforces redirects, caching, compression, and headers with a few clear choices.

Click Best‑practices preset or add sections you need.
Tune options such as cache days and redirect codes.
Review the summary for rule count, size, and warnings.
Copy or download the .htaccess text.
Test on a staging host first.
Deploy to production and monitor behavior.

Example: Add one 301 redirect from /old to /new; enable compression; set cache to 30 days; copy the file and place it in your site root.

You now have a clean configuration tailored to your needs.

FAQ

Is my data stored?

No. Everything is composed on your device and nothing is uploaded or persisted server‑side.

Clipboard and downloads occur locally.

How accurate are the results?

Blocks follow Apache directives exactly. Effect depends on enabled modules and virtual host context, which the tool cannot detect.

Always test on the target server.

Which units and formats are used?

Cache lifetime is entered in days. IP blocks accept one IP or CIDR per line. Redirect codes are 301 or 302.

Paths should be site relative.

Can I use it offline?

Yes, once loaded it continues to work without an active connection.

Sharing via URL requires connectivity.

Does it cost anything?

No payment is required.

Licensing of bundled assets follows their authors.

How do I redirect to www?

Add the host redirect section and choose the option that targets www. The generator emits a 301 to the canonical host.

Select the opposite option to target the bare host.

What if a module is missing?

Apache ignores guarded directives inside the matching <IfModule> block. Enable required modules or remove the block.

Logs will confirm which rules applied.

What does “warning” mean here?

Warnings flag likely misconfigurations, such as a redirect pointing to itself or missing error pages. They do not block generation.

Resolve before deploying.

Troubleshooting

Redirect loop → check host canonicalization and path rules.
Rules ignored → ensure the file sits in the correct directory.
No effect → verify AllowOverride permits the used directives.
Images still hotlinked → confirm referrer policy and allow‑list entries.
Headers missing → confirm mod_headers is enabled.
Cache not respected → clear CDN or proxy caches and retest.
Blocked user by mistake → remove the IP or CIDR and redeploy.

Site not loading after deployment? Remove the new file, restore the previous version, and reintroduce sections one by one.

Advanced Tips

Tip Place only one responsibility per block to simplify audits.
Tip Prefer 301 for permanent moves and 302 for temporary changes.
Tip Keep security headers tight, then relax only where required.
Tip Use the raw snippet block for rare module directives.
Tip Test image hotlink rules with a private window and a separate host.
Tip Reuse the shareable URL to version configurations alongside code.

Glossary

301: Permanent redirect status code.
302: Temporary redirect status code.
CSP: Content Security Policy header controlling resource sources.
HSTS: Strict‑Transport‑Security header that pins HTTPS for a period.
Hotlinking: Embedding assets from another site without hosting them.
IfModule: Apache guard that applies rules only if a module is enabled.