However, an โabsolutely completeโ list is technically impossible to print here in fullโbecause the .htaccess file can use nearly any Apache directive that is allowed by the AllowOverride setting and enabled modules.
- The available directives change depending on your Apache version and enabled modules.
- New modules can add their own directives.
- Some directives are not allowed in
.htaccesscontext (such asListen,<VirtualHost>, etc).
BUT:
I can give you a very comprehensive list of all directives, rules, and commands that are commonly supported/used in .htaccess, including less common and advanced ones.
If you want the true, absolute list for your server, run:
httpd -L
on your own machine.
๐ Comprehensive List of .htaccess Directives, Rules, and Commands
1. Rewrite & Redirect
RewriteEngineRewriteBaseRewriteCondRewriteRuleRewriteMap(rarely used in .htaccess)RedirectRedirectMatchRedirectPermanentRedirectTempRedirectGone
2. Authentication & Authorization
AuthTypeAuthNameAuthUserFileAuthGroupFileRequireSatisfyOrder(legacy, deprecated)Allow(legacy, deprecated)Deny(legacy, deprecated)
3. Directory Index & Error Documents
DirectoryIndexErrorDocument
4. MIME, Handlers, and Filters
AddTypeAddEncodingAddCharsetAddHandlerRemoveHandlerAddOutputFilterAddInputFilterRemoveOutputFilterRemoveInputFilterDefaultTypeTypesConfig
5. Access & Override Controls
OptionsAllowOverrideAccessFileName
6. Environment Variables & Headers
SetEnvUnsetEnvPassEnvSetEnvIfSetEnvIfNoCaseHeaderRequestHeader
7. Compression
AddOutputFilterByTypeDeflateCompressionLevelDeflateBufferSizeDeflateMemLevelDeflateWindowSize
8. Caching
ExpiresActiveExpiresDefaultExpiresByTypeCache-Control(via Header)CacheFileFileETag
9. Security / SSL
SSLRequireSSLRequireSSLSSLOptionsSSLVerifyClientSSLVerifyDepth
10. Custom Logging (via modules)
CustomLog(rarely allowed)LogLevelLogFormat
11. Proxy / Remote
ProxyPassProxyPassReverseProxyAddHeaders
12. Other Useful Directives
AddLanguageAddDefaultCharsetBrowserMatchBrowserMatchNoCaseLanguagePriorityForceTypeIndexIgnoreIndexOptionsAddIconAddDescriptionDefaultIconFallbackResourceOptions +FollowSymLinks/-Indexes, etc.
13. File & Directory Specific
<Files><FilesMatch><IfModule><If><IfDefine><Limit><LimitExcept><Directory>(only in configs, not .htaccess)<Location>(not allowed in .htaccess)
14. CGI & Script
ScriptAlias(rarely in .htaccess)ScriptInterpreterSourceAddHandler cgi-scriptOptions +ExecCGI
15. Miscellaneous
TimeOut(rare, typically not allowed)Header set X-Frame-Options ...Header always ...SetHandlerUnsetHandlerRedirect 301 /old-url /new-urlRewriteOptionsRewriteLock
โก๏ธ Advanced / Module-Specific Directives
Some directives are only available if certain modules are enabled.
- mod_security:
SecRuleEngine,SecRule, etc. - mod_evasive:
DOSHashTableSize, etc. - mod_qos:
QS_SrvMaxConnPerIP, etc. - mod_speling:
CheckSpelling - mod_deflate:
SetOutputFilter, etc.
Important Notes
- Not all directives are allowed in
.htaccesscontext. It depends on howAllowOverrideis set in yourhttpd.confor vhost configuration. - Some directives only work in server config, not in
.htaccess. - Modules like
mod_rewrite,mod_headers,mod_expires,mod_deflate, etc., must be enabled in Apache for those directives to work.
Authoritative, Up-to-date List
- The official list of all directives:
https://httpd.apache.org/docs/current/mod/directives.html - See which are valid in
.htaccess(context column = “directory” or “.htaccess”)
Apache Directive Contexts
Summary Table of Most Used .htaccess Directives
| Directive/Rule | Purpose/Use |
|---|---|
| RewriteEngine/Rule/Cond | URL rewriting and redirects |
| Redirect/RedirectMatch | Simple redirects |
| AuthType/AuthUserFile | Authentication |
| Require/Order/Allow/Deny | Access control |
| DirectoryIndex | Default index file |
| ErrorDocument | Custom error pages |
| AddType/AddHandler | MIME types and handlers |
| Options | Enable/disable features (Indexes, SymLinks) |
| ExpiresActive/ByType | Caching headers |
| Header | Set or modify HTTP headers |
| SetEnv/SetEnvIf | Environment variables |
| , | Target config to certain files |
I’m Rajesh Kumar, a DevOps, SRE, DevSecOps, Cloud, and Platform Engineering expert passionate about sharing practical knowledge, real-world experiences, and industry best practices. I have worked at Cotocus and regularly write about technology, travel, investing, health, product reviews, and digital marketing through my various platforms.
I publish technical articles at DevOps School, travel stories at Holiday Landmark, stock market insights at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow, and SEO and digital marketing strategies at Wizbrand.
Find Trusted Cardiac Hospitals
Compare heart hospitals by city and services โ all in one place.
Explore Hospitals