Apache config without the guesswork
The .htaccess Generator builds the Apache directives most sites need — forcing HTTPS, choosing www or non-www, enabling compression and caching, and adding security headers. Hand-written .htaccess rules are unforgiving: one typo returns a 500 error for every visitor. Toggle the rules you want and copy a clean, IfModule-guarded config.
What you can generate
| Rule category | What it does |
|---|---|
| Force HTTPS | 301-redirects all HTTP traffic to the HTTPS version |
| www → non-www (or reverse) | Canonicalises the host to your chosen form |
| GZIP compression | Enables mod_deflate for HTML, CSS, JS, fonts |
| Browser caching | Sets Expires or Cache-Control via mod_expires |
| Security headers | Adds X-Content-Type-Options, X-Frame-Options, Referrer-Policy |
| Custom error pages | Maps 404, 500 etc. to your own error templates |
How it works
.htaccess is a per-directory configuration file Apache reads on each request. Redirects use the mod_rewrite engine, which matches conditions and rewrites or redirects the URL:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [L,R=301]
RewriteCond checks a condition (here, that the request is not already HTTPS) and RewriteRule performs a permanent (R=301) redirect. Compression (mod_deflate), caching (mod_expires) and header rules (mod_headers) are wrapped in <IfModule> blocks so they are silently skipped when a module is absent — protecting you from accidental 500s.
Worked example: HTTPS + canonical non-www
Consider a site reachable at http://www.example.com, http://example.com, and https://www.example.com. You want every visitor to land on https://example.com. The safest approach is a single combined redirect that handles both the protocol upgrade and the host switch together, avoiding two chained hops:
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://example.com%{REQUEST_URI} [L,R=301]
The two RewriteCond lines are combined with [OR] so the rule fires whenever either condition is true — if the request is plain HTTP, or if the host starts with www.. One redirect, canonical URL, done.
Common pitfalls
- Two separate redirects instead of one — chaining an HTTP→HTTPS redirect before a www→non-www redirect causes two round-trips, adds latency, and can confuse some clients.
- Wrong
AllowOverridesetting — if your Apache vhost hasAllowOverride None, the.htaccessfile is silently ignored. SetAllowOverride Allin the vhost or restrict it toAllowOverride FileInfo Options. - Missing
mod_rewrite— on a fresh VPS, enable it witha2enmod rewriteand restart Apache. Shared hosts usually have it on by default. - Forgetting to test on staging — a syntax error takes the entire directory offline with a 500, so always test on a non-production environment first and keep a backup copy.
Tips
- Pick one canonical host (either www or non-www) and redirect the other to avoid duplicate-content SEO issues.
- Always back up your existing
.htaccessbefore replacing it; a single bad line takes the whole directory down. - These rules are Apache-only. On Nginx, translate them into
serverblock directives instead. - Performance note:
.htaccessis parsed on every request. For high-traffic sites, move stable rules into the vhost config (httpd.confor a site conf) and disable.htaccesslookups withAllowOverride Nonein directories that do not need it.