Generate Apache .htaccess — HTTPS redirect, www toggle, gzip, cache headers, hotlink protection.
- Runs locally
- Category Generator
- Best for Starting from a blank page without committing to the first result.
<IfModule mod_rewrite.c>
RewriteEngine On
# Force HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Strip www
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [L,R=301]
</IfModule>
<IfModule mod_deflate.c>
# Gzip compression
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
AddOutputFilterByType DEFLATE application/javascript application/json application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml
AddOutputFilterByType DEFLATE image/svg+xml font/woff font/woff2 application/font-woff
</IfModule>
<IfModule mod_expires.c>
# Browser cache (mod_expires)
ExpiresActive On
ExpiresDefault "access plus 1 month"
ExpiresByType text/html "access plus 0 seconds"
ExpiresByType text/css "access plus 1 year"
ExpiresByType application/javascript "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/webp "access plus 1 year"
ExpiresByType image/svg+xml "access plus 1 year"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresByType font/woff "access plus 1 year"
ExpiresByType font/woff2 "access plus 1 year"
ExpiresByType application/json "access plus 0 seconds"
</IfModule>
# Custom error pages
ErrorDocument 404 /404.html
ErrorDocument 500 /500.html
# Directory listing off
Options -IndexesWhat this tool does
Free Apache .htaccess builder. Tick the blocks you want — force HTTPS, pick a canonical host (force-www or strip-www), enable gzip via mod_deflate, set browser cache lifetimes per mimeType via mod_expires, block hotlinking by Referer, swap in custom 404 / 500 / 503 error pages, blacklist abusive User-Agents, toggle directory listing, and open CORS for an origin. Output is rebuilt live as you click and ships with comment headers explaining every rule. Copy to clipboard or download the file directly. 100% client-side: nothing is uploaded and there are no external API calls.
Tool details
- Input
- Files + Text + Numbers
- The page exposes text boxes, numeric controls, file pickers, or structured inputs depending on the tool.
- Output
- Live result + Copy + Download
- The result area focuses on usable output, with copy, download, or preview actions when supported.
- Privacy
- Browser-side processing
- The main tool logic does not call an external API, so inputs normally stay in the current tab.
- Save / share
- No account required
- Open the page and use it; whether results survive refresh depends on the tool.
- Performance budget
- Initial JS <= 18 KB
- No WASM budget is declared, keeping the tool quick to open on mobile.
- Best fit
- Generator · Developer
- Category and role tags drive related tools, internal links, and quick fit checks.
How to use
-
1. Input
Paste or drop your content into the tool panel.
-
2. Process
Click the button. All processing is local in your browser.
-
3. Copy / Download
Copy the result or download to disk in one click.
How .htaccess Generator fits into your work
Use it to get a strong first draft, starter asset, or structured output that you can edit before publishing.
Generation jobs
- Starting from a blank page without committing to the first result.
- Creating repeatable drafts, names, templates, or placeholder assets.
- Exploring options before choosing the one that fits the job.
Generation checks
- Review generated output before it reaches a customer, page, or document.
- Change defaults when you need a specific brand voice, format, or audience.
- Keep only the parts that match the real task.
Good next steps
These links move the current task into a more complete workflow.
- 1 robots.txt Generator Generate robots.txt with templates for common crawlers (Google, Bing, AI scrapers). Open
- 2 Meta Tag Generator Generate SEO meta tags — title, description, Open Graph, Twitter Card, Schema.org. Open
- 3 JSON Formatter & Validator Format, validate, and minify JSON instantly — right in your browser. Open
Real-world use cases
Force HTTPS on a shared-hosting WordPress site after installing an SSL cert
Your host just issued a free Let's Encrypt cert but the site still loads over http and shows mixed-content warnings. You have no access to httpd.conf. Tick "Force HTTPS" plus "Force www", paste the two rewrite blocks above WordPress's own rules, and every http request 301-redirects to https://www in one hop. Verify with curl -I and watch for a single 301, not a redirect loop.
Cut repeat-visit load time by setting per-type browser cache lifetimes
A landing page reloads its 1.2 MB hero image and CSS on every visit because nothing sets an Expires header. Enable the mod_expires block, give images 1 year, CSS/JS 1 month, and HTML 1 hour. Returning visitors now pull static assets from disk cache, so a 40-request page drops to 3 network requests and feels instant on the second view.
Stop another site from hotlinking your images and burning your bandwidth
Analytics show 60% of your image bandwidth comes from a forum that embeds your product photos directly. Turn on hotlink protection, allow your own domain plus Google Images, and serve a 1px placeholder to everyone else. The forum's embeds break, your origin transfer drops sharply, and legitimate visitors notice nothing.
Open CORS for one front-end origin calling a same-server JSON endpoint
Your React app on app.example.com fetches /api/config.json served by Apache on example.com and the browser blocks it with a CORS error. Add a scoped Access-Control-Allow-Origin for https://app.example.com (not the wildcard *) plus Allow-Methods GET, OPTIONS. The fetch now succeeds, and you avoid the blanket * that would expose the endpoint to every site on the web.
Common pitfalls
Using 302 instead of 301 for the HTTPS redirect — 302 is "temporary" so search engines keep indexing the http URL. This generator emits R=301 by default.
Combining force-www and strip-www at once, which creates an infinite redirect loop (www → non-www → www). Pick exactly one canonical host.
Caching HTML for a year like you do for images — visitors get stale pages after a deploy. Keep HTML at access plus 1 hour or shorter and version your static filenames.
Privacy
Everything runs in your browser. The hosts, paths, origins, and User-Agent strings you type are used only to assemble the rule text locally and are never uploaded — there are no API calls and no analytics on your input. The generated config never appears in the page URL, so pasting a domain or a CORS origin here won't leak it into your history or any share link. Copy or download the result; nothing is stored after you close the tab.
FAQ
Tool combos
Folks in your role tend to reach for these alongside this tool.
- 555 Timer Calculator Astable f = 1.44/((R1+2R2)C) + monostable t = 1.1RC — pick R1, R2, C in Ω/kΩ and µF/nF, read frequency, duty cycle and pulse width — browser-only
- Add Line Numbers Number every line of pasted text — set start, step and separator, zero-pad to align, skip blanks, or strip numbers back off — browser-only
- AES Text Encryptor Encrypt & decrypt text with a password — AES-256-GCM + PBKDF2 via WebCrypto — 100% in your browser, nothing uploaded
- Affine Cipher Encoder & Decoder Encrypt and decrypt the ax+b affine cipher with live modular-inverse check, browser-only