⚙️ .htaccess Generator
Generate Apache .htaccess files with HTTPS redirect, WWW handling, custom redirects, hotlink protection, caching, and more.
Site Configuration
Custom Redirects (301)
# Generated by FinanceCalculator.com
Options -Indexes
# Enable Gzip compression
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain text/html text/css application/javascript application/json application/xml image/svg+xml
</IfModule>
# Force HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Force www
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.example.com%{REQUEST_URI} [L,R=301]
# Custom 301 Redirects
Redirect 301 /old-page https://www.example.com/new-page
# Custom error pages
ErrorDocument 404 /404.html
ErrorDocument 500 /500.html
# Browser caching
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 30 days"
ExpiresByType image/png "access plus 30 days"
ExpiresByType text/css "access plus 30 days"
ExpiresByType application/javascript "access plus 30 days"
</IfModule>.htaccess Generator -- Complete USA Guide 2026
The .htaccess Generator creates production-ready Apache configuration files with the most common web server directives - HTTPS forcing, www canonicalization, custom redirects, hotlink protection, browser caching, Gzip compression, and bad bot blocking - all from a visual interface without memorizing Apache rewrite syntax.\n\nApache's .htaccess files control web server behavior at the directory level and are essential for shared hosting environments (cPanel, Bluehost, SiteGround, HostGator) where you don't have access to the main Apache configuration. WordPress, Drupal, and most PHP CMS platforms rely on .htaccess for URL rewriting and security settings.
🔬 How This Calculator Works
The generator dynamically builds an .htaccess file from your selected options. HTTPS forcing uses RewriteCond %{HTTPS} off with a 301 redirect. WWW handling uses RewriteCond checking the HTTP_HOST header with a 301 redirect to the canonical domain. Custom redirects use the Redirect 301 directive. Image hotlink protection uses RewriteCond %{HTTP_REFERER} to block external image requests. Gzip uses mod_deflate AddOutputFilterByType directives. Browser caching uses mod_expires with configurable expiry times.
✅ What You Can Calculate
Visual Configuration
Configure HTTPS, WWW policy, redirects, caching, and security options via checkboxes and inputs - no Apache directive syntax memorization needed.
Custom 301 Redirects
Add unlimited custom permanent redirects with from/to path pairs. Essential for SEO-safe URL changes during site redesigns.
Performance Optimizations
Gzip compression and browser caching directives reduce page load times - two of the most impactful performance optimizations for Apache-served websites.
Security Features
Block common SEO/scraping bots (Ahrefs, SEMrush, MJ12bot) and prevent image hotlinking that wastes bandwidth without authorization.
Real-time Output
The .htaccess code updates as you toggle options - see exactly what each setting adds to your configuration file before copying.
Download Ready
Copy the complete .htaccess content and paste into your hosting control panel or deploy directly to your server root.
🎯 Real Scenarios & Use Cases
Shared Hosting Setup
Configure HTTPS, www canonicalization, and browser caching for new websites on shared hosting providers that use Apache.
Website Migrations
Add custom 301 redirects for every old URL when redesigning or migrating a website to prevent link equity loss and broken links.
WordPress Security
WordPress relies on .htaccess for URL rewriting. Add hotlink protection and bad bot blocking to your existing WordPress .htaccess.
SEO Canonicalization
Force HTTPS and choose between www/non-www to establish canonical URLs - critical for preventing duplicate content Google penalties.
Bandwidth Protection
Prevent other websites from embedding your images directly, wasting your hosting bandwidth without providing any traffic in return.
Performance Tuning
Enable Gzip and browser caching to improve Core Web Vitals scores for Apache-hosted websites without modifying server configuration files.
💡 Pro Tips for Accurate Results
Always back up your existing .htaccess before making changes. A syntax error in .htaccess causes a 500 Internal Server Error for your entire website. Test changes in a staging environment first.
For WordPress sites, your existing .htaccess contains WordPress rewrite rules between # BEGIN WordPress and # END WordPress markers. Add custom directives above or below these markers, never inside them.
The www vs. non-www choice should be consistent across your entire web presence - DNS, HTML canonical tags, sitemap URLs, and .htaccess should all agree. Once chosen, 301-redirect from the non-canonical version and stick with it permanently.
For WordPress specifically, your .htaccess file contains the WordPress rewrite rules between # BEGIN WordPress and # END WordPress comment markers. When adding custom rules, always add them ABOVE the # BEGIN WordPress marker or BELOW the # END WordPress marker - never inside these markers, as WordPress will overwrite them when you save permalink settings.
mod_rewrite debugging is notoriously difficult. Enable RewriteLog (Apache 2.2) or trace logging (Apache 2.4: LogLevel alert rewrite:trace8 in httpd.conf) to see exactly how each request is processed through your RewriteRules. Also check Apache's error_log for 500 Internal Server Error details that .htaccess issues generate but browsers only show as generic errors.
For sites migrating from HTTP to HTTPS, the order of your redirects matters. Force HTTPS first, then canonicalize www/non-www. If you do it in the wrong order, you get double redirects (HTTP non-www -> HTTP www -> HTTPS www) which Google counts against Core Web Vitals and wastes time-to-first-byte. The correct order: 1) HTTP -> HTTPS, 2) www/non-www canonicalization.
🔢 Data Sources & Methodology
Apache's .htaccess mechanism was introduced in NCSA HTTPd (Apache's predecessor) in the early 1990s and formalized in Apache 1.0 (1995). The name ".htaccess" originally stood for "hypertext access" - a per-directory access control file. Despite being over 30 years old, .htaccess remains the primary configuration mechanism for approximately 33% of all web servers (Apache serves roughly 30% of websites, mostly shared hosting environments).
mod_rewrite, Apache's URL rewriting module, was written by Ralf S. Engelschall and included in Apache 1.2 (1996). RewriteRule uses PCRE (Perl Compatible Regular Expressions) for pattern matching, making it extremely powerful but also notoriously difficult to debug. The RewriteLog directive (Apache 2.2) and trace-level logging (Apache 2.4+) are essential debugging tools when rules don't behave as expected.
According to W3Techs (2024), Apache powers approximately 28.2% of all websites, primarily on shared hosting platforms like cPanel, Bluehost, SiteGround, and HostGator - all of which use .htaccess for per-site configuration since users don't have access to the main httpd.conf.
🏁 Bottom Line
The .htaccess Generator eliminates the need to remember Apache RewriteRule syntax for the most common web server tasks. Generate, copy, and deploy in minutes - free, private, and accurate.
What is .htaccess and when should I use it instead of Apache main config?
.htaccess is a directory-level Apache configuration file that applies to the directory it is in and all subdirectories. It allows per-directory configuration without access to the main httpd.conf. Use .htaccess when: you are on shared hosting without access to server config, you need different rules per directory, or your deployment pipeline makes updating the main config difficult. When to prefer main config: .htaccess is checked on every request for every file served from that directory, which has a small performance cost. High-traffic sites should move .htaccess rules to the main server config (or a virtual host config) and disable AllowOverride to eliminate the performance overhead.
How do I redirect all HTTP traffic to HTTPS with .htaccess?
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] The R=301 flag is critical — 301 is permanent redirect, which browsers and search engines cache. R=302 is temporary. Using 302 for an HTTPS redirect means browsers will not cache it and will always send an HTTP request first. For sites with HSTS (HTTP Strict Transport Security), also add the header: Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" — this tells browsers to always use HTTPS for 1 year without even attempting HTTP.
How do I create clean URLs by removing .php or .html extensions?
RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^([^.]+)$ $1.php [L] The conditions !-f and !-d ensure existing files and directories are served directly without rewriting. This rule rewrites /about to /about.php. For removing .html: replace $1.php with $1.html. For a more flexible approach that tries PHP first, then HTML: use a RewriteCond checking for each file's existence. Always test rewrites carefully — a misconfigured rule can cause infinite redirect loops or 500 errors.
How do I set browser caching headers with .htaccess?
<IfModule mod_expires.c> ExpiresActive On ExpiresByType image/jpeg "access plus 1 year" ExpiresByType image/png "access plus 1 year" ExpiresByType text/css "access plus 1 month" ExpiresByType application/javascript "access plus 1 month" ExpiresByType text/html "access plus 0 seconds" </IfModule> Set images and static assets to 1 year when you use content-hash filenames (image.abc123.png). Set HTML to 0 seconds (no cache) so new deployments are picked up immediately. For versioned assets without hash filenames, use shorter periods (1 week or 1 month) to balance caching and freshness.
How do I enable GZIP compression with .htaccess?
<IfModule mod_deflate.c> AddOutputFilterByType DEFLATE text/html text/plain text/css application/json application/javascript text/xml application/xml </IfModule> GZIP typically compresses HTML/CSS/JS by 60-80%, significantly reducing page load time. Do not compress images (already compressed) or binary files (no benefit). If your server does not have mod_deflate, mod_gzip is an older alternative. Modern Apache servers (2.4+) often have mod_brotli available for even better compression ratios than GZIP — brotli compresses ~15-20% better than GZIP for typical web assets.
What is the difference between a 301 and 302 redirect in .htaccess?
301 Moved Permanently: the resource has permanently moved to the new URL. Browsers cache this redirect — after visiting once, the browser goes directly to the new URL without hitting the server. Search engines transfer link equity (PageRank) to the new URL and update their index. Use for: HTTPS redirects, domain migrations, permanent URL restructuring. 302 Found (Temporary): the resource is temporarily at the new URL. Browsers do not cache it. Search engines retain the original URL in their index. Use for: maintenance pages, A/B testing redirects, temporary location changes.
What other web server and infrastructure tools are on this site?
The robots.txt Generator creates search crawler control files that accompany .htaccess server configuration. The MIME Type Lookup tool identifies MIME types to add to .htaccess AddType directives. The CIDR Calculator helps with IP-based access control rules (Allow from 192.168.1.0/24). The HTTP Headers Analyzer checks which headers your server is actually returning after .htaccess changes. The Meta Tag Generator handles HTML-level redirects as an alternative to .htaccess when server access is unavailable. All are in the Dev Tools section.