The .htaccess Generator builds valid Apache configuration from checkboxes and form fields, so you get correct syntax without needing to memorise Apache directives. Toggle the sections you need, fill in any paths or values, and the output updates live. It covers the most common real-world .htaccess use cases: HTTPS enforcement, www canonicalisation, security headers, browser caching, hotlink protection, custom error pages, IP blocking, and custom redirects and rewrite rules.
1. Enable the sections you need using the checkboxes and fill in any required fields (such as your domain for hotlink protection, or paths for custom error pages).
2. Click Sample to see a realistic production configuration pre-filled.
3. The generated .htaccess output updates live as you make changes.
4. Click Download .htaccess to save the file, then upload it to the root of your web server.
5. Always keep a backup of your existing .htaccess before replacing it, and test on a staging environment when possible.
What is an .htaccess file?
An .htaccess file is a per-directory configuration file used by the Apache web server. It lets you control redirects, URL rewrites, access restrictions, custom error pages, caching, and security headers without modifying the main server configuration. It must be named exactly ".htaccess" (with a leading dot and no extension) and placed in the directory it should affect.
Will this work on my hosting?
This tool generates Apache .htaccess syntax. It works on Apache-based shared hosting (cPanel, Plesk), most VPS setups running Apache, and hosting that uses Apache in front of PHP. It will not work on nginx or IIS servers, which use different configuration formats.
What does "Force HTTPS" do?
It adds a redirect rule that sends any HTTP request to the HTTPS equivalent. This is the standard way to ensure all traffic to your site is encrypted. After enabling it, your site should be accessible only via https://.
What is the difference between forcing www and non-www?
Both options canonicalise your domain to one preferred form. "Force non-www" redirects www.example.com to example.com. "Force www" does the reverse. You should pick one and be consistent — mixing both or using neither can cause duplicate content issues in search engines.
Is it safe to add all the security headers?
The headers generated here are broadly safe defaults. However, the Content Security Policy (CSP) header in particular may break sites that load scripts or styles from external domains. Test on a staging environment first, and adjust the CSP value to match your actual asset sources.
How do I deploy the .htaccess file?
Download the generated file and upload it to the root of your website (the same directory as your index.php or index.html). If you already have an .htaccess file, merge the new rules carefully rather than overwriting — always keep a backup first.