Upgrade & Secure Your Future with DevOps, SRE, DevSecOps, MLOps!

We spend hours scrolling social media and waste money on things we forget, but won’t spend 30 minutes a day earning certifications that can change our lives.
Master in DevOps, SRE, DevSecOps & MLOps by DevOpsSchool!

Learn from Guru Rajesh Kumar and double your salary in just one year.


Get Started Now!

Uncategorised

Apache: Comprehensive List of .htaccess Directives, Rules, and Commands

July 18, 2025 Leave a Comment

However, an “absolutely complete” list is technically impossible to print here in full—because the .htaccess file can use nearly any Apache directive that is allowed by the AllowOverride setting and enabled modules.

  • The available directives change depending on your Apache version and enabled modules.
  • New modules can add their own directives.
  • Some directives are not allowed in .htaccess context (such as Listen, <VirtualHost>, etc).

BUT:
I can give you a very comprehensive list of all directives, rules, and commands that are commonly supported/used in .htaccess, including less common and advanced ones.
If you want the true, absolute list for your server, run:

httpd -L

on your own machine.

📃 Comprehensive List of .htaccess Directives, Rules, and Commands

1. Rewrite & Redirect

  • RewriteEngine
  • RewriteBase
  • RewriteCond
  • RewriteRule
  • RewriteMap (rarely used in .htaccess)
  • Redirect
  • RedirectMatch
  • RedirectPermanent
  • RedirectTemp
  • RedirectGone

2. Authentication & Authorization

  • AuthType
  • AuthName
  • AuthUserFile
  • AuthGroupFile
  • Require
  • Satisfy
  • Order (legacy, deprecated)
  • Allow (legacy, deprecated)
  • Deny (legacy, deprecated)

3. Directory Index & Error Documents

  • DirectoryIndex
  • ErrorDocument

4. MIME, Handlers, and Filters

  • AddType
  • AddEncoding
  • AddCharset
  • AddHandler
  • RemoveHandler
  • AddOutputFilter
  • AddInputFilter
  • RemoveOutputFilter
  • RemoveInputFilter
  • DefaultType
  • TypesConfig

5. Access & Override Controls

  • Options
  • AllowOverride
  • AccessFileName

6. Environment Variables & Headers

  • SetEnv
  • UnsetEnv
  • PassEnv
  • SetEnvIf
  • SetEnvIfNoCase
  • Header
  • RequestHeader

7. Compression

  • AddOutputFilterByType
  • DeflateCompressionLevel
  • DeflateBufferSize
  • DeflateMemLevel
  • DeflateWindowSize

8. Caching

  • ExpiresActive
  • ExpiresDefault
  • ExpiresByType
  • Cache-Control (via Header)
  • CacheFile
  • FileETag

9. Security / SSL

  • SSLRequire
  • SSLRequireSSL
  • SSLOptions
  • SSLVerifyClient
  • SSLVerifyDepth

10. Custom Logging (via modules)

  • CustomLog (rarely allowed)
  • LogLevel
  • LogFormat

11. Proxy / Remote

  • ProxyPass
  • ProxyPassReverse
  • ProxyAddHeaders

12. Other Useful Directives

  • AddLanguage
  • AddDefaultCharset
  • BrowserMatch
  • BrowserMatchNoCase
  • LanguagePriority
  • ForceType
  • IndexIgnore
  • IndexOptions
  • AddIcon
  • AddDescription
  • DefaultIcon
  • FallbackResource
  • Options +FollowSymLinks / -Indexes, etc.

13. File & Directory Specific

  • <Files>
  • <FilesMatch>
  • <IfModule>
  • <If>
  • <IfDefine>
  • <Limit>
  • <LimitExcept>
  • <Directory> (only in configs, not .htaccess)
  • <Location> (not allowed in .htaccess)

14. CGI & Script

  • ScriptAlias (rarely in .htaccess)
  • ScriptInterpreterSource
  • AddHandler cgi-script
  • Options +ExecCGI

15. Miscellaneous

  • TimeOut (rare, typically not allowed)
  • Header set X-Frame-Options ...
  • Header always ...
  • SetHandler
  • UnsetHandler
  • Redirect 301 /old-url /new-url
  • RewriteOptions
  • RewriteLock

⚡️ Advanced / Module-Specific Directives

Some directives are only available if certain modules are enabled.

  • mod_security: SecRuleEngine, SecRule, etc.
  • mod_evasive: DOSHashTableSize, etc.
  • mod_qos: QS_SrvMaxConnPerIP, etc.
  • mod_speling: CheckSpelling
  • mod_deflate: SetOutputFilter, etc.

Important Notes

  • Not all directives are allowed in .htaccess context. It depends on how AllowOverride is set in your httpd.conf or vhost configuration.
  • Some directives only work in server config, not in .htaccess.
  • Modules like mod_rewrite, mod_headers, mod_expires, mod_deflate, etc., must be enabled in Apache for those directives to work.

Authoritative, Up-to-date List

Summary Table of Most Used .htaccess Directives

Directive/RulePurpose/Use
RewriteEngine/Rule/CondURL rewriting and redirects
Redirect/RedirectMatchSimple redirects
AuthType/AuthUserFileAuthentication
Require/Order/Allow/DenyAccess control
DirectoryIndexDefault index file
ErrorDocumentCustom error pages
AddType/AddHandlerMIME types and handlers
OptionsEnable/disable features (Indexes, SymLinks)
ExpiresActive/ByTypeCaching headers
HeaderSet or modify HTTP headers
SetEnv/SetEnvIfEnvironment variables
,Target config to certain files

Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments

Certification Courses

DevOpsSchool has introduced a series of professional certification courses designed to enhance your skills and expertise in cutting-edge technologies and methodologies. Whether you are aiming to excel in development, security, or operations, these certifications provide a comprehensive learning experience. Explore the following programs:

DevOps Certification, SRE Certification, and DevSecOps Certification by DevOpsSchool

Explore our DevOps Certification, SRE Certification, and DevSecOps Certification programs at DevOpsSchool. Gain the expertise needed to excel in your career with hands-on training and globally recognized certifications.

0
Would love your thoughts, please comment.x
()
x