⚙️ Apache Config

.htaccess Generator

Toggle the rules you need, fill in any required values, and download your custom .htaccess file ready to upload to your Apache server root.


Redirects & URL

Force HTTPS
Redirect all HTTP traffic to HTTPS
www ↔ non-www Redirect
Canonicalise your domain
Remove Trailing Slash
Redirect /page/ → /page (301)
Custom Error Pages
404, 403, 500 error documents
404
403
500
Custom Redirects
Add 301/302 redirect rules

Performance

Enable GZIP Compression
Compress HTML, CSS, JS, fonts for faster loads
Browser Caching
Set Expires headers for static assets

Security

Disable Directory Listing
Prevent listing of folder contents
Block Bad Bots
Block common scrapers and bad user-agents
Block IP Addresses
Deny access from specific IPs
Password Protect Directory
Basic HTTP auth for a folder
Security Headers
X-Frame-Options, XSS, Content-Type, HSTS
Hide PHP Errors (Production)
Disable PHP error display for security
.htaccess Output 0 lines 

      


      

        
Upload Instructions

        
    
          
  1. Download the generated .htaccess file
    2. 
          
  2. Upload it to your website's root directory (same folder as index.html)
    3. 
          
  3. Make sure it overwrites any existing .htaccess
    4. 
          
  4. Test your redirects and rules in a browser
    5. 
        

        

          
⚠️ Always backup your existing .htaccess before replacing it.

        

      

    

  





  

    
The Complete Guide to .htaccess Configuration

    

      

The .htaccess file is one of the most powerful configuration tools available to Apache web server users. This small, plain-text file sits in your website's root directory and can override server settings on a per-directory basis — controlling redirects, URL rewriting, security headers, compression, caching, access control, and much more. Understanding .htaccess is essential for any web developer or site owner running on Apache, which powers approximately 31% of all websites on the internet.



What Is .htaccess?


The name .htaccess stands for "hypertext access." It is a distributed configuration file that Apache reads on every request to a directory. Unlike changes to the main Apache configuration file (httpd.conf) — which requires server restart and root access — .htaccess changes take effect immediately and can be managed by website owners without server-level access. This makes it particularly useful on shared hosting environments.



Forcing HTTPS: Why It Is Non-Negotiable


HTTPS has been a Google ranking factor since 2014, and Chrome now marks all HTTP pages as "Not Secure." Forcing HTTPS via .htaccess ensures that every visitor — whether they type http://, access your site from a bookmark, or follow an old link — is immediately redirected to the secure version. The redirect uses a 301 (permanent) status code, which passes full link equity to the HTTPS version and updates most browsers' caches automatically.



www vs non-www: Choose One and Stick With It


Having your site accessible at both www.example.com and example.com creates a duplicate content problem in Google's eyes. Both versions may be indexed separately, splitting PageRank and confusing canonicalisation. Use .htaccess to permanently redirect one to the other, then set your preferred version in Google Search Console under Settings → Change of Address and in your sitemap's canonical URLs.



GZIP Compression for Performance


Enabling GZIP compression via mod_deflate typically reduces text-based file sizes by 60–80%. For a typical website, this means HTML files go from 40KB to 8KB, CSS from 60KB to 12KB, and JavaScript from 200KB to 50KB — all served faster over the network with no quality loss. Google PageSpeed Insights and Core Web Vitals assessments factor in response payload size, so compression directly impacts your performance scores.



Browser Caching


Setting appropriate Expires headers via mod_expires tells browsers how long to cache static assets locally. Images, fonts, and videos that rarely change should be cached for a year. CSS and JavaScript files that change with each deployment should be cached for a month (and cache-busted with versioned filenames). HTML documents should be cached for a day at most. Proper caching reduces server load, bandwidth costs, and load times for returning visitors dramatically.



Security Headers


X-Frame-Options: SAMEORIGIN prevents your site from being embedded in iframes on other domains, protecting against clickjacking attacks. X-Content-Type-Options: nosniff prevents browsers from MIME-type sniffing, which can lead to XSS vulnerabilities. Strict-Transport-Security (HSTS) instructs browsers to always use HTTPS for your domain, even if the user types HTTP — and to cache this preference. These headers are free, require no server restart, and improve your security posture significantly.



Blocking Bad Bots


Malicious bots, scrapers, and vulnerability scanners consume significant server bandwidth and can skew your analytics. The .htaccess RewriteEngine can match User-Agent strings and return 403 Forbidden responses to known bad bots before they can access any page content. This is particularly effective for well-known scrapers like AhrefsBot, SemrushBot, and DotBot that are identifiable by their User-Agent strings.



Hotlink Protection


Hotlinking occurs when other websites embed your images directly, consuming your bandwidth without sending visitors to your site. .htaccess can block external sites from loading your images while still allowing them to be displayed on your own domain. This can dramatically reduce bandwidth costs on image-heavy websites.



How to Upload and Test Your .htaccess


Always back up your existing .htaccess before replacing it — a single syntax error can take your entire site offline. Upload the file to your server root via FTP or your hosting control panel's file manager. Test every redirect immediately in an incognito window to avoid cached redirects. Use tools like htaccess.madewithlove.com to test rules before deploying.


    

  










  

    Share this tool
    

      
        
        Tweet
      
      
        
        Facebook
      
      
        
        LinkedIn
      
      
        
        WhatsApp