← Back to Dev Tools

.htaccess Builder

Apache rules for HTTPS, custom errors, IP blocks & performance — without breaking your site.

Force HTTPS RECOMMENDED
Custom Error Pages RECOMMENDED
IP / Range Blocklist OPTIONAL

One per line. Supports single IPs and CIDR ranges (e.g. 192.168.1.0/24).

Block Bad Bots / Scrapers OPTIONAL

Partial match works. One per line. Common scrapers pre-filled.

Disable Directory Listing RECOMMENDED

Prevents Apache from showing a file list when no index file exists. Recommended for all sites — exposes your file structure otherwise.

Security Headers ADVANCED
Browser Cache Headers OPTIONAL

Applies to images, CSS, JS, fonts. Speeds up repeat visits significantly.

Protect Sensitive Files RECOMMENDED

Blocks direct access to .htaccess, .env, wp-config.php, .git, and backup files.

.htaccess Output
Rules active: 0  ·  Lines: 0

Why .htaccess Rules Matter

Apache's .htaccess is your site's silent gatekeeper. Wrong rules = broken site. Missing rules = open attack surface. This builder generates tested, safe output for every common use case.

Where does the file go?

Drop .htaccess in your site's root (public_html / www). One file covers your whole domain. Subdirectories can have their own overrides.

Will this break my site?

Each rule block is isolated and safe. If something breaks, disable rules one by one. Always keep a backup of your existing .htaccess before replacing.

HTTPS redirect not working?

Ensure your SSL certificate is installed first. Then make sure mod_rewrite is enabled on your host. Most cPanel hosts have it on by default.

HSTS — what's the risk?

HSTS tells browsers to always use HTTPS for 1 year. Only enable it if your SSL is permanent. If you ever remove SSL, visitors will be locked out with no easy fix.