What is an .htaccess file?

.htaccess (hypertext access) is a directory-level configuration file used by Apache web servers. It lets you control redirects, security, URL rewrites, caching, and more for a specific directory and its subdirectories without modifying the main Apache configuration.

What is the difference between a 301 and 302 redirect?

A 301 redirect is permanent — search engines transfer the full SEO value (PageRank) from the old URL to the new one and update their indexes. A 302 redirect is temporary — search engines keep the old URL indexed and do not transfer ranking signals. Always use 301 for site migrations and permanent URL changes.

How do I redirect www to non-www in .htaccess?

Enable the 'Redirects' mode and check 'www to non-www redirect'. This generates a RewriteCond checking for www.yourdomain.com and a RewriteRule that 301-redirects to https://yourdomain.com. Make sure mod_rewrite is enabled on your Apache server.

How do I block directory listing with .htaccess?

Use 'Options -Indexes' in your .htaccess file. This is included in the Security mode. Without this directive, Apache shows a list of all files in a directory if there is no index.html or index.php — a significant security and privacy risk.

Is my .htaccess content sent to a server?

No. This generator runs entirely in your browser. No data is sent to any server, logged, or stored anywhere outside your device.

.htaccess Generator — Free Online Tool

How to Use the .htaccess Generator

Choose a category — Redirects, Security, Performance, or Custom Rewrite Rules.
Toggle the options you need — each checkbox adds the relevant directives to the output.
Add manual rules — use the "Add Redirect" or "Add Rule" buttons for specific URL patterns.
Copy or download — save the result as .htaccess and upload it to your web root.

Understanding Apache .htaccess Files

The .htaccess file (short for hypertext access) is a powerful per-directory configuration file supported by Apache HTTP Server. It lets developers override server-level settings for specific directories — and critically, it does not require server restarts when changed. This makes it the go-to tool for shared hosting environments where you do not have access to the main Apache config (httpd.conf). Modern Apache deployments with AllowOverride All in their vhost config will process .htaccess on every request for that directory.

Redirect Rules and SEO

The most common use of .htaccess is URL redirection. When migrating a website to a new domain or restructuring URLs, 301 (permanent) redirects are essential for preserving SEO equity. Search engines interpret 301s as signals to transfer all ranking signals — backlinks, PageRank, anchor text — from the old URL to the new one. Using 302 (temporary) redirects during a permanent migration is a common mistake that leaves search engines uncertain about which URL is canonical. The HTTPS redirect rule forces all HTTP traffic to the secure version of your site, which is required by most ad networks (including Ezoic and Mediavine) and improves Chrome's "Not Secure" indicator treatment.

Security Directives

Options -Indexes is one of the most important security directives. Without it, Apache will display a browsable directory listing for any folder that lacks an index file — exposing filenames, modification dates, and sometimes sensitive configuration files. The security mode also adds HTTP security headers: X-Frame-Options: SAMEORIGIN prevents your site from being embedded in iframes on other domains (clickjacking protection), X-Content-Type-Options: nosniff stops browsers from guessing MIME types (MIME-sniffing attacks), and X-XSS-Protection enables legacy browser XSS filters. Hotlink protection uses RewriteCond to block requests for your images from external domains, reducing bandwidth theft.

Performance and Browser Caching

The performance mode uses Apache's mod_expires and mod_deflate modules. ExpiresByType directives set the Expires and Cache-Control headers on static assets, telling browsers to cache them locally. Setting fonts and images to one year is safe because these files rarely change — use cache-busted filenames (e.g., logo.v2.png) when you do update them. Gzip compression via mod_deflate typically reduces HTML by 70-80%, CSS by 85%, and JavaScript by 80%, significantly improving page load times and Core Web Vitals scores.

Custom Rewrite Rules

Apache mod_rewrite uses a powerful regular expression engine to match and transform URLs. A typical single-page application rewrite rule checks that the requested path is not an actual file (!-f) or directory (!-d) and rewrites everything to index.html. This lets your JavaScript router handle navigation without the server returning 404 errors on page refresh. The [L] flag stops processing further rules after a match, and [R=301] sends an external redirect with a 301 status code. For Nginx users, similar logic is expressed with try_files.

.htaccess Generator