What is an .htaccess file?

.htaccess (hypertext access) is a configuration file for Apache web servers. It controls URL redirects, security headers, compression, caching, access control, and error pages for the directory it is placed in and all subdirectories. Changes take effect immediately without restarting the server.

How do I redirect HTTP to HTTPS in .htaccess?

Add these three lines: RewriteEngine On, RewriteCond %{HTTPS} off, RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]. This checks if HTTPS is off and redirects all requests to the HTTPS version with a 301 permanent redirect. The [L] flag stops further processing.

What is the difference between 301 and 302 redirects?

A 301 redirect is permanent — search engines transfer all link equity (SEO value) to the new URL and update their index. A 302 redirect is temporary — search engines keep the original URL indexed and do not transfer link equity. Use 301 for permanent URL changes and 302 for temporary maintenance pages.

How do I enable GZIP compression in .htaccess?

Use mod_deflate: wrap AddOutputFilterByType DEFLATE directives in . Compress text/html, text/css, application/javascript, application/json, image/svg+xml, and font files. GZIP typically reduces file sizes by 60-80%, significantly improving page load times.

How do I set browser caching in .htaccess?

Use mod_expires: enable ExpiresActive On, then set ExpiresDefault and ExpiresByType for different content types. Common settings: HTML = 0 seconds (always fresh), CSS/JS = 1 month, images/fonts = 1 year. This tells browsers to cache static assets locally instead of re-downloading them.

Does .htaccess work on Nginx or Node.js servers?

No. .htaccess is Apache-specific. Nginx uses nginx.conf or site configuration files with different syntax. Node.js/Express uses middleware for redirects and headers. However, many shared hosting providers run Apache and support .htaccess. Cloud platforms (Vercel, Netlify) use their own configuration formats.

Back

.htaccess Generator

.htaccess is an Apache server configuration file that controls URL redirects, security headers, compression, and caching per-directory. Common rules: RewriteRule for HTTPS redirect, Redirect 301 for permanent URL changes, mod_deflate for GZIP compression, mod_expires for browser caching, Header set for security headers (X-Frame-Options, X-XSS-Protection, X-Content-Type-Options). Changes take effect immediately without server restart.

Generate .htaccess rules for Apache servers. HTTPS redirect, www/non-www, GZIP compression, browser caching, security headers, custom error pages, IP blocking, and hotlink protection.

Works OfflineDark ModeNo Ads

Redirects & Rewrites

Force HTTPS

WWW Redirect:

Trailing Slash:

Custom Redirects

Security

Enable directory listingShow server signatureX-XSS-Protection headerX-Content-Type-Options: nosniff

X-Frame-Options:

Referrer-Policy:

Performance

GZIP CompressionBrowser Caching

Default duration:

Custom Error Pages

404 (Not Found):

403 (Forbidden):

500 (Server Error):

Access Control

Block IPs (one per line)

Hotlink Protection

Generated .htaccess

# Force HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# ===== SECURITY =====
# Disable directory listing
Options -Indexes
# Hide server signature
ServerSignature Off
# XSS Protection
Header set X-XSS-Protection "1; mode=block"
# Prevent MIME-type sniffing
Header set X-Content-Type-Options "nosniff"
# Clickjacking protection
Header set X-Frame-Options "SAMEORIGIN"
# Referrer policy
Header set Referrer-Policy "strict-origin-when-cross-origin"

# ===== COMPRESSION =====
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/plain text/xml
  AddOutputFilterByType DEFLATE text/css text/javascript application/javascript
  AddOutputFilterByType DEFLATE application/json application/xml
  AddOutputFilterByType DEFLATE image/svg+xml
  AddOutputFilterByType DEFLATE application/font-woff application/font-woff2
</IfModule>

# ===== BROWSER CACHING =====
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access plus 1 month"
  ExpiresByType text/html "access plus 0 seconds"
  ExpiresByType text/css "access plus 1 month"
  ExpiresByType application/javascript "access plus 1 month"
  ExpiresByType image/jpeg "access plus 1 year"
  ExpiresByType image/png "access plus 1 year"
  ExpiresByType image/gif "access plus 1 year"
  ExpiresByType image/svg+xml "access plus 1 year"
  ExpiresByType image/webp "access plus 1 year"
  ExpiresByType font/woff2 "access plus 1 year"
</IfModule>

Common .htaccess Directives

Directive	Purpose	Example
RewriteRule	URL rewriting	RewriteRule ^old$ /new [R=301,L]
Redirect	Simple redirect	Redirect 301 /old /new
ErrorDocument	Custom error pages	ErrorDocument 404 /404.html
Options	Directory options	Options -Indexes
Header set	HTTP headers	Header set X-Frame-Options "DENY"
ExpiresDefault	Cache duration	ExpiresDefault "access plus 1 month"
AddOutputFilterByType	Compression	AddOutputFilterByType DEFLATE text/html
Require	Access control	Require not ip 192.168.1.1

How to Use

1
Choose a preset or start from scratch
Click WordPress, Security Focused, Performance, or Minimal to pre-configure common settings. Or configure each section manually.
2
Configure redirects and security
Enable HTTPS redirect, choose www/non-www preference, set security headers (XSS protection, clickjacking prevention), and add custom redirects.
3
Set performance options
Enable GZIP compression for text, CSS, JS, and fonts. Enable browser caching with your preferred duration (1 week to 1 year).
4
Copy the generated config
Review the generated .htaccess code in the output area. Click Copy to copy it. Place the file in your Apache server's document root directory.

Frequently Asked Questions

What is an .htaccess file?: .htaccess (hypertext access) is a configuration file for Apache web servers. It controls URL redirects, security headers, compression, caching, access control, and error pages for the directory it is placed in and all subdirectories. Changes take effect immediately without restarting the server.
How do I redirect HTTP to HTTPS in .htaccess?: Add these three lines: RewriteEngine On, RewriteCond %{HTTPS} off, RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]. This checks if HTTPS is off and redirects all requests to the HTTPS version with a 301 permanent redirect. The [L] flag stops further processing.
What is the difference between 301 and 302 redirects?: A 301 redirect is permanent — search engines transfer all link equity (SEO value) to the new URL and update their index. A 302 redirect is temporary — search engines keep the original URL indexed and do not transfer link equity. Use 301 for permanent URL changes and 302 for temporary maintenance pages.
How do I enable GZIP compression in .htaccess?: Use mod_deflate: wrap AddOutputFilterByType DEFLATE directives in <IfModule mod_deflate.c>. Compress text/html, text/css, application/javascript, application/json, image/svg+xml, and font files. GZIP typically reduces file sizes by 60-80%, significantly improving page load times.
How do I set browser caching in .htaccess?: Use mod_expires: enable ExpiresActive On, then set ExpiresDefault and ExpiresByType for different content types. Common settings: HTML = 0 seconds (always fresh), CSS/JS = 1 month, images/fonts = 1 year. This tells browsers to cache static assets locally instead of re-downloading them.
Does .htaccess work on Nginx or Node.js servers?: No. .htaccess is Apache-specific. Nginx uses nginx.conf or site configuration files with different syntax. Node.js/Express uses middleware for redirects and headers. However, many shared hosting providers run Apache and support .htaccess. Cloud platforms (Vercel, Netlify) use their own configuration formats.