htaccess Generator — Redirects, HTTPS, Caching, Free
Generate Apache .htaccess rules for redirects, HTTPS, GZIP, caching, hotlink protection, password gates. Browser-only — no signup.
About .htaccess Generator
.htaccess is Apache's per-directory config file — it controls URL rewriting, redirects, HTTPS forcing, cache headers, GZIP compression, password protection, hotlink blocking, and IP allow/deny. The syntax is unforgiving; one stray character returns 500. The ZTools .htaccess Generator gives you a UI for the most common rules, validates the output against Apache's spec, and explains each line so you understand what you're shipping. Useful for shared-hosting WordPress / static sites where Apache is the only web server you can configure.
Use cases
- Force HTTPS site-wide. A few lines of mod_rewrite redirect every HTTP request to HTTPS. Generator emits the canonical pattern.
- Old domain → new domain redirects. Migrating sites. Generator builds 301 redirects preserving paths (/about → newdomain.com/about) so SEO juice transfers.
- Browser caching headers. Set Cache-Control / Expires per file type — JS/CSS for a year, HTML for 5 minutes. Improves PageSpeed score.
- Password-protect a directory. AuthType Basic + AuthUserFile pointing at a .htpasswd. Generator gives you both files.
- Block hotlinking. Stop other sites from embedding your images and burning your bandwidth. RewriteCond on Referer.
How it works
- Pick rules. Checkboxes for HTTPS, www-canonicalisation, redirects, caching, GZIP, hotlink protection, security headers, password protection.
- Configure each. For redirects, paste old-URL → new-URL pairs. For caching, pick a TTL per file type. For password, set username + password (generator creates .htpasswd).
- Generate output. Output is a single .htaccess file with comments explaining each block. Optional .htpasswd companion file when password rules are enabled.
- Test before deploying. Apache fails closed — bad .htaccess = 500 errors. Test on a staging URL first.
Examples
Input: Force HTTPS
Output: RewriteEngine On\nRewriteCond %{HTTPS} off\nRewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Input: Cache JS/CSS for 1 year
Output: <IfModule mod_expires.c>\nExpiresActive On\nExpiresByType text/css "access plus 1 year"\nExpiresByType application/javascript "access plus 1 year"\n</IfModule>
Input: Block hotlinking
Output: RewriteCond %{HTTP_REFERER} !^$\nRewriteCond %{HTTP_REFERER} !^https?://(www\\.)?yoursite\\.com [NC]\nRewriteRule \\.(jpg|jpeg|png|gif)$ - [F]
Frequently asked questions
Will this work on Nginx?
No — Nginx uses a totally different config syntax. .htaccess is Apache-specific. For Nginx, use the equivalent location/server blocks.
Does my hosting allow .htaccess?
Most shared hosting (cPanel, Bluehost, SiteGround) does. Some setups require AllowOverride All in the parent VirtualHost. Check with your host.
How do I revert if something breaks?
Always back up the existing .htaccess before replacing. If 500 errors appear, restore the backup. Apache reads .htaccess on every request — changes take effect immediately.
Is mod_rewrite always available?
On most modern Apache installs, yes. If `RewriteEngine On` errors out, mod_rewrite is disabled and your hosting needs to enable it.
Privacy?
All generation in browser. Hosting credentials never asked for.
Pro tips
- Always back up the existing .htaccess before deploying changes — Apache offers no rollback.
- Use 301 redirects for SEO-critical permanent moves; 302 for temporary tests. Wrong choice tanks rankings.
- Combine GZIP + browser caching for the biggest perceived speed win — easy 30-50% load-time reduction on a typical WordPress site.
- For URL rewrites, test in a staging directory first — broken rewrites can lock you out of /wp-admin.
Reviewed by Ahsan Mahmood · Last updated 2026-05-06 · Part of ZTools.
For the full,
formatted version of this page, please enable JavaScript and reload
https://ztools.zaions.com/htaccess-generator.