.htaccess Generator

Generate htaccess rules for 301 redirects, rewrite URL, HTTPS, caching, and WordPress. Copy or download the file instantly.

The .htaccess Generator builds a ready-to-upload Apache configuration file covering 301/302 redirects, force HTTPS, www/non-www canonicalisation, custom error pages, browser cache headers, IP blocking, and GZIP compression. Toggle the sections you need, fill in your URLs or IPs, and the live preview shows the exact rules Apache will execute. Download the file, drop it in your document root, and the rules take effect on the next request with no server restart.

Ad
Ad

About .htaccess Generator

Available Rule Sections

SectionWhat It DoesTypical Use Case
301 RedirectPermanently redirects one URL to anotherMoving a page to a new location, preserving SEO value
302 RedirectTemporarily redirects one URL to anotherMaintenance pages, A/B testing
Force HTTPSRedirects all HTTP requests to HTTPSAfter installing an SSL certificate
WWW prefixForces www or non-www version of the domainConsistent URLs for SEO (pick one and stick with it)
Custom error pagesShows custom HTML pages for 404, 403, and 500 errorsBranded error pages instead of default Apache messages
Cache controlSets browser cache expiry headers by file typeImproving page load speed by caching static assets
IP blockingDenies access from specific IP addressesBlocking spam bots, restricting staging site access
GZIP compressionCompresses text-based responses (HTML, CSS, JS)Reducing bandwidth and improving load times

How to Use the Generator

StepAction
1. Toggle sectionsEnable only the features you need
2. Fill in valuesEnter URLs, IP addresses, file types, or error page paths
3. PreviewThe .htaccess output updates in real time as you make changes
4. Copy or downloadCopy to clipboard or download as a .htaccess file
5. Upload to serverPlace the file in your website's document root via FTP, SFTP, or hosting panel

Common .htaccess Configurations

ScenarioSections to Enable
New WordPress siteForce HTTPS + WWW prefix + Cache control + GZIP
Domain migration301 Redirects (old URLs to new URLs)
Staging environment lockdownIP blocking (allow only your office/home IP)
Performance optimisationCache control + GZIP compression
Custom brandingCustom error pages (404, 403, 500)
Temporary maintenance302 Redirect to maintenance page

Cache Control Settings

Browser caching tells visitors' browsers to store static files locally, so repeat visits load faster. The generator lets you set expiry times for different file types:

File TypeRecommended ExpiryWhy
Images (jpg, png, gif, svg, webp)1 yearImages rarely change; long cache saves the most bandwidth
CSS stylesheets1 monthChanges with design updates, but not frequently
JavaScript files1 monthBundled JS changes with deployments
Fonts (woff, woff2)1 yearFont files almost never change
HTML pagesNo cache or short (1 hour)Content changes frequently; stale HTML causes confusion

.htaccess vs Server Config

Aspect.htaccesshttpd.conf / VirtualHost
Requires server restartNo - changes take effect immediatelyYes - requires Apache reload
PerformanceChecked on every request (slight overhead)Loaded once at startup (faster)
Access requiredFTP/file manager onlyRoot or sudo access
Shared hostingWorks (this is the main use case)Usually not accessible
ScopePer-directory and subdirectoriesServer-wide or per virtual host

If you have root access to your server, placing rules in the virtual host config is slightly more performant. But for shared hosting or when you only have FTP access, .htaccess is the standard approach and works perfectly for most sites.

Important Notes

NoteDetails
File nameThe file must be named exactly .htaccess (with the leading dot, no extension)
Hidden fileThe leading dot makes it hidden on macOS and Linux - use ls -a to see it
Apache only.htaccess is for Apache web servers, not Nginx, Caddy, or IIS
AllowOverrideThe server's main config must have AllowOverride All for .htaccess rules to work
Syntax errorsA single syntax error in .htaccess will cause a 500 Internal Server Error for the entire site

If your .htaccess uses complex rewrite rules, test the regex patterns with the Regex Tester. For scheduling server tasks alongside your config, try the Cron Expression Builder. The generator runs entirely in your browser with no server-side processing.

Why Apache Still Matters in 2026

Apache remains one of the three dominant web servers on the internet, so .htaccess knowledge is still a core skill for anyone running a site. According to W3Techs data from April 2026, Apache is the third most-used web server at 23.7% of all websites, behind Nginx at 32.7% and Cloudflare at 27.7%. Netcraft's May 2025 survey placed Apache at 15.3% of active sites and 17.83% of the top million busiest sites. Shared hosting providers almost universally ship Apache with mod_rewrite enabled, which is why .htaccess continues to be the standard way to configure redirects, caching, and access control on budget hosting plans where root access is not available.

How the Rewrite Engine Processes Rules

Apache processes rules in per-module order, not the line order of the file. mod_rewrite directives (RewriteRule, RewriteCond) are evaluated separately from mod_alias directives (Redirect, RedirectMatch), and mixing them in the same file often produces surprising results. The official Apache HTTP Server documentation recommends picking one module and sticking with it: use mod_alias for simple one-to-one URL changes, and mod_rewrite when you need regular expressions, conditional checks on headers or IPs, or internal rewrites. This generator uses mod_rewrite for HTTPS and www handling (where conditionals are required) and mod_alias Redirect directives for individual URL redirects, which keeps the output predictable.

Worked example: forcing HTTPS on a site with both www and non-www traffic. Enable "Force HTTPS" and "Force WWW" in the generator. The output places the HTTPS rewrite first, followed by the www rewrite, both with [L,R=301] flags. A request to http://example.com/page hits the HTTPS rule, redirects to https://example.com/page, then on the next hit matches the www rule and redirects again to https://www.example.com/page. Two redirects in a chain is acceptable for canonicalisation, but if you want a single hop you can combine the conditions into one rule at the server level.

Status Code Reference for Redirects

CodeMeaningWhen to UseSEO Impact
301Moved PermanentlyURL structure change, domain migration, canonical HTTPS/wwwPasses full link equity to the new URL; browsers cache aggressively
302Found (Temporary)A/B tests, maintenance pages, geo redirectsGoogle eventually treats long-lived 302s as 301, but do not rely on it
307Temporary RedirectSame as 302 but preserves the HTTP method (POST stays POST)Rarely needed for static sites; important for APIs
308Permanent RedirectModern equivalent of 301 that preserves the HTTP methodSame SEO effect as 301; supported by all modern browsers
410GoneContent permanently removed with no replacementFaster de-indexing than a 404; use for deleted pages you never want crawled again

Apache's official redirect guide recommends testing new redirects with 302 first, verifying the destination is correct, then switching to 301 once confirmed. A misconfigured 301 is hard to undo because browsers and intermediate caches remember it for weeks.

Common Mistakes and How to Avoid Them

MistakeSymptomFix
Uploading with a .txt extensionRules silently ignoredFile must be named exactly .htaccess with the leading dot and no extension
Mixing Redirect and RewriteRuleOnly some rules fire, order feels randomUse RewriteRule for everything once you have any RewriteRule in the file
AllowOverride None on the server.htaccess file is there but has no effectServer config must set AllowOverride All or enable the specific override classes you need (FileInfo for redirects, Indexes for directory listings)
Redirect chainsSlow page loads, crawl budget wasteAlways redirect old URLs directly to the final destination, not through intermediate hops
Aggressive caching on HTMLUsers see stale pages for hours or daysCache HTML for 0 or 1 hour; cache images, CSS, JS, fonts for longer
Missing L flagMultiple rules process, unexpected resultsAdd [L] (Last) to stop rewrite processing once a rule matches
Syntax error in a directiveEntire site returns 500 Internal Server ErrorTest in a staging directory first, or keep a known-good backup you can restore via FTP in under a minute

AllowOverride Classes Explained

Apache's AllowOverride directive controls which .htaccess directives the server will honour. Setting AllowOverride All in the main server config is the simplest approach but also the most permissive. The Apache documentation defines five override classes that can be combined for a stricter setup:

Override ClassControlsNeeded For
AuthConfigAuthentication directives (AuthType, Require, AuthName)Password-protecting directories
FileInfoRedirects, rewrites, MIME types, error documents, headersMost of this generator's output (301 redirects, HTTPS, cache headers, error pages)
IndexesDirectory indexing optionsEnabling or disabling directory listings
LimitLegacy access control (Allow, Deny, Order)IP blocking on Apache 2.2 - use Require on 2.4+
OptionsOptions directive and filter chainEnabling FollowSymlinks for mod_rewrite

For the rules this generator produces, AllowOverride FileInfo Options=FollowSymLinks is usually sufficient. Shared hosting providers typically enable AllowOverride All by default, so most users do not need to change anything.

Alternatives on Other Web Servers

.htaccess is Apache-specific. If your site runs on a different server, these are the equivalent approaches:

ServerEquivalent ApproachReload Required
NginxRules go in the main nginx.conf or a site-specific file in sites-availableYes - nginx -s reload after changes
CaddyCaddyfile with automatic HTTPS via Let's Encrypt built inYes - caddy reload
IISweb.config XML file (per-directory, similar to .htaccess)No - applies immediately
Cloudflare Pages / Netlify / VercelPlatform-specific redirect files (_redirects, vercel.json, netlify.toml)No - deploys on push
Cloudflare WorkersJavaScript edge functions running before origin requestsNo - deploys via Wrangler CLI

If you are migrating from Apache to Nginx, the rules in the generated .htaccess will not copy over directly. Nginx has an equivalent for most directives but uses different syntax (return 301 instead of Redirect 301, rewrite instead of RewriteRule). Tools like slug patterns and regex remain transferable.

Sources

Frequently Asked Questions

What is an .htaccess file?

An .htaccess file is a configuration file used by the Apache web server to apply rules on a per-directory basis without editing the main server configuration. It can control redirects, URL rewriting, access restrictions, caching headers, and more.

Will these rules work on any web server?

No. The rules generated by this tool are specific to the Apache HTTP Server with mod_rewrite and mod_headers enabled. They will not work on Nginx, IIS, or other web servers, which use different configuration syntax.

Can .htaccess rules slow down my site?

Apache checks for .htaccess files in every directory on each request, so heavy use can add overhead compared to putting the same rules in the main server configuration. For most sites the impact is negligible, but high-traffic sites should consider moving rules into the virtual host config.

How do I use the generated file?

Download or copy the generated rules and save them in a file named ".htaccess" (note the leading dot) in your website's document root. Upload the file to your server via FTP, SFTP, or your hosting control panel. The rules take effect immediately without a server restart.

Link to this tool

Copy this HTML to link to this tool from your website or blog.

<a href="https://toolboxkit.io/tools/htaccess-generator/" title=".htaccess Generator - Free Online Tool">Try .htaccess Generator on ToolboxKit.io</a>