.htaccess Generator
Generate Apache .htaccess files visually. Toggle HTTPS redirect, www normalization, hotlink prevention, custom error pages, browser caching, CORS, and security headers.
What is an .htaccess Generator?
An .htaccess generator creates Apache configuration directives without requiring memorization of obscure mod_rewrite syntax. The .htaccess file is a per-directory configuration file recognized by Apache HTTP Server that lets you override server settings — redirects, authentication, caching, CORS, and security headers — without touching the main httpd.conf. This generator produces a ready-to-deploy .htaccess for the most common web server tasks.
When to use each section
Options -Indexes prevents Apache from serving an auto-generated file listing when no index file exists in a directory — a common information-disclosure issue. Force HTTPS uses a 301 redirect to ensure all traffic is encrypted; combine with HSTS headers for full effect. WWW normalization consolidates link equity by redirecting all traffic to either the www or non-www canonical form. Browser caching sets expiry headers for static assets so browsers skip repeat downloads. Security headers add X-Content-Type-Options, X-Frame-Options, and Referrer-Policy directly from Apache, useful when your backend framework doesn't emit them.
Frequently Asked Questions
Does .htaccess work on Nginx or Caddy?
.htaccess is Apache-specific. Nginx does not read .htaccess files — you must add directives directly in nginx.conf or a server block. Caddy uses its own Caddyfile format. If you're on a shared host running Apache, .htaccess works as-is; for VPS setups running Nginx or Caddy, you'll need to translate the directives.
Why use 301 instead of 302 for HTTPS and www redirects?
301 (Moved Permanently) tells browsers and search engines the old URL is gone for good. Browsers cache 301s and skip the redirect on future visits. Search engines transfer link equity to the new URL. Use 302 (Found / Temporary) only for genuinely short-lived redirects — for HTTPS and canonical redirects you always want 301.
What is hotlink prevention and why would I use it?
Hotlinking is when another site embeds your images directly via your URL, consuming your bandwidth. The hotlink prevention rule checks the HTTP Referer header and blocks image requests that don't originate from your domain. Note that the Referer header can be suppressed (private browsing, strict referrer policies), so this is a best-effort measure — not a DRM solution.
Does .htaccess slow down my site?
Yes, marginally. Apache reads .htaccess on every request for the directory and its parents — it's not cached between requests. For high-traffic production sites, move directives into the main httpd.conf with AllowOverride None to disable .htaccess entirely and improve performance. For shared hosting where you can't edit httpd.conf, .htaccess is the only option.
What are CORS headers and when do I need them in .htaccess?
CORS (Cross-Origin Resource Sharing) headers tell browsers which external origins may read your responses. You need them when a JavaScript app on domain A fetches from your API on domain B. The Access-Control-Allow-Origin header specifies the allowed origin (* for any, or a specific domain). Apache's mod_headers can inject these without changing your application code.