HomeGeneratorsDeveloper Tools.htaccess Generator

.htaccess Generator

Developer Tools

Generate an Apache .htaccess file for your website. Force HTTPS, configure www redirects, add 301 redirect rules, and set custom error pages — download ready.

What is a .htaccess?

An .htaccess file is a per-directory configuration file used by Apache web servers — the technology powering the majority of shared hosting plans, WordPress hosts, and cPanel-based environments. Placed in your website's root directory, it applies server-level rules that affect every request to your site: enforcing HTTPS, redirecting between www and non-www versions, setting up permanent redirects for changed URLs, adding custom error pages, and protecting your images from hotlinking.

The .htaccess Generator creates this file from a form interface, producing syntactically correct Apache configuration that can be uploaded directly to your server. Writing .htaccess rules by hand is error-prone: a missing backslash in a regex, an incorrect flag in a rewrite rule, or a path that does not start with / will either silently do nothing or — in the worst case — return a 500 Internal Server Error for your entire website.

The most common and most important use is HTTPS enforcement. Having an SSL certificate installed makes HTTPS available, but it does not redirect HTTP traffic automatically. Users who visit http://yoursite.com or click an old HTTP link land on the insecure version unless a redirect rule is in place. The generator adds a RewriteCond %{HTTPS} off check and a 301 redirect that sends all HTTP traffic to the HTTPS equivalent with zero configuration required on your part.

URL canonicalisation — choosing one definitive form for your domain — is the second major use. Search engines treat example.com and www.example.com as separate URLs. Without a redirect, content appears at two URLs simultaneously, splitting link equity and potentially creating duplicate content flags. The generator lets you enforce either form with a single selection.

Use this alongside robots.txt Generator and Sitemap.xml Generator to complete the full technical foundation of a new website deployment.

How to use this .htaccess calculator

  1. Toggle Force HTTPS on if your server has an SSL certificate installed — this adds a RewriteRule that 301-redirects all http:// requests to https://.
  2. Choose your WWW Preference — select Force www to always serve www.example.com, Force non-www to always serve example.com, or No preference to leave both accessible (not recommended for SEO).
  3. Enter your 301 Redirects in the text area — one per line in the format old-path https://example.com/new-path/. Old paths are relative (start with /); new URLs must be absolute (start with https://).
  4. Toggle Custom Error Pages on to add ErrorDocument directives that serve your custom 404 and 500 HTML pages — ensure those files exist at /404.html and /500.html before enabling this.
  5. Toggle Hotlink Protection on if you want to block other sites from embedding your images. Enter your Site Domain in the format example.com (no https://, no trailing slash) — the rule allows image requests from your own domain while blocking others.
  6. Copy the .htaccess Content from the output box. If you already have an .htaccess file, append the relevant sections above your existing rules. If starting fresh, save the output as .htaccess and upload to your website root directory.

Formula & Methodology

The generator assembles Apache directives in a specific order to prevent rule conflicts. Rules are grouped into sections, each preceded by a comment:

apache RewriteEngine On  # Force HTTPS RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]  # Force non-www RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [L,R=301]  # 301 Redirects Redirect 301 /old-page/ https://example.com/new-page/  # Custom Error Pages ErrorDocument 404 /404.html ErrorDocument 500 /500.html  # Hotlink Protection RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com [NC] RewriteRule \.(jpg|jpeg|png|gif|webp|svg)$ - [F,NC] 

Key flags explained:
- [L] — Last rule; stop processing further RewriteRules after this one
- [R=301] — Return HTTP 301 (Permanent Redirect) to the client
- [NC] — No Case — match regardless of upper/lower case
- [F] — Forbidden — return 403 to the client
- %{HTTP_HOST} — the domain name from the request header
- %1 — backreference to the first capture group in the preceding RewriteCond

The hotlink protection RewriteCond %{HTTP_REFERER} !^$ line allows direct browser access (no referer header) while blocking cross-site image embeds. Your domain's dots are escaped (\.) in the regex to prevent them from matching any character.

Frequently Asked Questions

.htaccess (HyperText Access) is a configuration file used by Apache web servers to apply server-level rules for specific directories and their subdirectories. Rules in this file control redirects, URL rewriting, access control, caching, and security settings without requiring changes to the main server configuration. It is placed in the directory where the rules should apply — typically the website root.
Common uses include forcing HTTPS on all traffic, redirecting www to non-www (or vice versa), setting up 301 permanent redirects from old URLs to new ones, blocking specific IP addresses, adding custom error pages, protecting image hotlinking, enabling GZIP compression, and setting browser cache headers. For SEO, the most important uses are enforcing a canonical URL structure (HTTPS and consistent www/non-www) and implementing 301 redirects for moved or deleted pages.
A 301 redirect signals that a page has permanently moved to a new URL — search engines transfer the original page's ranking signals to the new URL. A 302 redirect signals a temporary move — search engines keep the original URL in their index and do not transfer ranking signals. For SEO purposes, always use 301 when a page has permanently changed URL. Use 302 only for genuinely temporary situations, such as A/B testing a variant page or a seasonal campaign page.
An SSL certificate makes HTTPS available, but it does not automatically redirect HTTP requests to HTTPS — users who type your domain without 'https://' or click an old HTTP link will still reach the insecure version. The .htaccess redirect rule catches all HTTP requests and sends them to the HTTPS version with a 301 permanent redirect. Most browsers and search engines require HTTPS, and Google has used HTTPS as a ranking signal since 2014.
Search engines treat 'example.com' and 'www.example.com' as separate URLs by default. If both versions serve the same content without a canonical redirect, it can cause duplicate content issues and split link equity between two versions of the same site. Choosing one canonical form — with or without www — and 301-redirecting the other consolidates all traffic and rankings to a single URL. Either choice is valid; the important thing is consistency.
Use the Redirect directive: 'Redirect 301 /old-path/ https://example.com/new-path/'. The old path is relative to the website root (starting with /) and the new URL is absolute (starting with https://). Enter each redirect on its own line in the generator's Redirects field in the format 'old-path new-url'. The generator formats these as correct Redirect directives in the output.
Hotlinking is when another website embeds your images directly using your server's URL, consuming your bandwidth without your permission. This can significantly increase your hosting costs on bandwidth-metered plans. The .htaccess hotlink protection rule blocks image requests where the HTTP referer header does not match your own domain, returning a 403 Forbidden response to the requesting site. Your own pages and direct browser access continue to work normally.
.htaccess is specific to Apache and Apache-compatible servers (such as LiteSpeed). It does not work on Nginx, Caddy, or IIS servers. Most shared hosting plans run Apache, so .htaccess works on the majority of shared hosting environments including cPanel-based hosts. If you are on Nginx — common with VPS and cloud servers — you need to implement equivalent rules in the Nginx server block configuration file instead.
Yes — a syntax error in .htaccess can return a 500 Internal Server Error for all pages on your site until the error is fixed. Before uploading changes, keep a backup of the working .htaccess file and test the new version on a staging environment first. If your site goes down after an upload, access your server via FTP or the hosting control panel file manager and either delete the .htaccess file or restore the backup. The generator produces syntactically correct output, but always verify the paths you enter are accurate.
Upload .htaccess to the root directory of your website — the same directory that contains your index.html or index.php file. On cPanel hosting, this is typically the public_html folder. The file must be named exactly '.htaccess' (with a leading dot and no file extension). On Windows computers, creating a file starting with a dot can be tricky — you may need to use FTP software or your hosting file manager rather than Windows Explorer.
No. The .htaccess Generator runs entirely in your browser. The redirect rules, domain name, and settings you enter are processed locally by JavaScript and never sent to any server. Nothing is stored, logged, or shared. You can safely enter your real production domain and live redirect paths without any privacy concern.
Also known as
htaccess generatorApache redirect generatorforce HTTPS htaccess301 redirect generatorwww to non-www redirecthtaccess file builder