{"id":50439,"date":"2025-07-18T13:49:38","date_gmt":"2025-07-18T13:49:38","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=50439"},"modified":"2025-07-18T13:49:38","modified_gmt":"2025-07-18T13:49:38","slug":"apache-comprehensive-list-of-htaccess-directives-rules-and-commands","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/apache-comprehensive-list-of-htaccess-directives-rules-and-commands\/","title":{"rendered":"Apache: Comprehensive List of .htaccess Directives, Rules, and Commands"},"content":{"rendered":"\n<p><strong>However, an \u201cabsolutely complete\u201d list is technically impossible to print here in full<\/strong>\u2014because the <code>.htaccess<\/code> file can use nearly <strong>any Apache directive that is allowed by the <code>AllowOverride<\/code> setting<\/strong> and enabled modules.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The available directives change depending on your Apache version and enabled modules.<\/li>\n\n\n\n<li>New modules can add their own directives.<\/li>\n\n\n\n<li>Some directives are <strong>not allowed<\/strong> in <code>.htaccess<\/code> context (such as <code>Listen<\/code>, <code>&lt;VirtualHost><\/code>, etc).<\/li>\n<\/ul>\n\n\n\n<p><strong>BUT:<\/strong><br>I can give you a <strong>very comprehensive list<\/strong> of all directives, rules, and commands that are commonly supported\/used in <code>.htaccess<\/code>, including less common and advanced ones.<br>If you want the <strong>true, absolute list<\/strong> for your server, run:<\/p>\n\n\n<pre class=\"wp-block-code\"><span><code class=\"hljs\">httpd -L\n<\/code><\/span><\/pre>\n\n\n<p>on your own machine.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udcc3 <strong>Comprehensive List of .htaccess Directives, Rules, and Commands<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>1. Rewrite &amp; Redirect<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>RewriteEngine<\/code><\/li>\n\n\n\n<li><code>RewriteBase<\/code><\/li>\n\n\n\n<li><code>RewriteCond<\/code><\/li>\n\n\n\n<li><code>RewriteRule<\/code><\/li>\n\n\n\n<li><code>RewriteMap<\/code> (rarely used in .htaccess)<\/li>\n\n\n\n<li><code>Redirect<\/code><\/li>\n\n\n\n<li><code>RedirectMatch<\/code><\/li>\n\n\n\n<li><code>RedirectPermanent<\/code><\/li>\n\n\n\n<li><code>RedirectTemp<\/code><\/li>\n\n\n\n<li><code>RedirectGone<\/code><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>2. Authentication &amp; Authorization<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>AuthType<\/code><\/li>\n\n\n\n<li><code>AuthName<\/code><\/li>\n\n\n\n<li><code>AuthUserFile<\/code><\/li>\n\n\n\n<li><code>AuthGroupFile<\/code><\/li>\n\n\n\n<li><code>Require<\/code><\/li>\n\n\n\n<li><code>Satisfy<\/code><\/li>\n\n\n\n<li><code>Order<\/code> (legacy, deprecated)<\/li>\n\n\n\n<li><code>Allow<\/code> (legacy, deprecated)<\/li>\n\n\n\n<li><code>Deny<\/code> (legacy, deprecated)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>3. Directory Index &amp; Error Documents<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>DirectoryIndex<\/code><\/li>\n\n\n\n<li><code>ErrorDocument<\/code><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>4. MIME, Handlers, and Filters<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>AddType<\/code><\/li>\n\n\n\n<li><code>AddEncoding<\/code><\/li>\n\n\n\n<li><code>AddCharset<\/code><\/li>\n\n\n\n<li><code>AddHandler<\/code><\/li>\n\n\n\n<li><code>RemoveHandler<\/code><\/li>\n\n\n\n<li><code>AddOutputFilter<\/code><\/li>\n\n\n\n<li><code>AddInputFilter<\/code><\/li>\n\n\n\n<li><code>RemoveOutputFilter<\/code><\/li>\n\n\n\n<li><code>RemoveInputFilter<\/code><\/li>\n\n\n\n<li><code>DefaultType<\/code><\/li>\n\n\n\n<li><code>TypesConfig<\/code><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>5. Access &amp; Override Controls<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>Options<\/code><\/li>\n\n\n\n<li><code>AllowOverride<\/code><\/li>\n\n\n\n<li><code>AccessFileName<\/code><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>6. Environment Variables &amp; Headers<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>SetEnv<\/code><\/li>\n\n\n\n<li><code>UnsetEnv<\/code><\/li>\n\n\n\n<li><code>PassEnv<\/code><\/li>\n\n\n\n<li><code>SetEnvIf<\/code><\/li>\n\n\n\n<li><code>SetEnvIfNoCase<\/code><\/li>\n\n\n\n<li><code>Header<\/code><\/li>\n\n\n\n<li><code>RequestHeader<\/code><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>7. Compression<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>AddOutputFilterByType<\/code><\/li>\n\n\n\n<li><code>DeflateCompressionLevel<\/code><\/li>\n\n\n\n<li><code>DeflateBufferSize<\/code><\/li>\n\n\n\n<li><code>DeflateMemLevel<\/code><\/li>\n\n\n\n<li><code>DeflateWindowSize<\/code><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>8. Caching<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>ExpiresActive<\/code><\/li>\n\n\n\n<li><code>ExpiresDefault<\/code><\/li>\n\n\n\n<li><code>ExpiresByType<\/code><\/li>\n\n\n\n<li><code>Cache-Control<\/code> (via Header)<\/li>\n\n\n\n<li><code>CacheFile<\/code><\/li>\n\n\n\n<li><code>FileETag<\/code><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>9. Security \/ SSL<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>SSLRequire<\/code><\/li>\n\n\n\n<li><code>SSLRequireSSL<\/code><\/li>\n\n\n\n<li><code>SSLOptions<\/code><\/li>\n\n\n\n<li><code>SSLVerifyClient<\/code><\/li>\n\n\n\n<li><code>SSLVerifyDepth<\/code><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>10. Custom Logging (via modules)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>CustomLog<\/code> (rarely allowed)<\/li>\n\n\n\n<li><code>LogLevel<\/code><\/li>\n\n\n\n<li><code>LogFormat<\/code><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>11. Proxy \/ Remote<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>ProxyPass<\/code><\/li>\n\n\n\n<li><code>ProxyPassReverse<\/code><\/li>\n\n\n\n<li><code>ProxyAddHeaders<\/code><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>12. Other Useful Directives<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>AddLanguage<\/code><\/li>\n\n\n\n<li><code>AddDefaultCharset<\/code><\/li>\n\n\n\n<li><code>BrowserMatch<\/code><\/li>\n\n\n\n<li><code>BrowserMatchNoCase<\/code><\/li>\n\n\n\n<li><code>LanguagePriority<\/code><\/li>\n\n\n\n<li><code>ForceType<\/code><\/li>\n\n\n\n<li><code>IndexIgnore<\/code><\/li>\n\n\n\n<li><code>IndexOptions<\/code><\/li>\n\n\n\n<li><code>AddIcon<\/code><\/li>\n\n\n\n<li><code>AddDescription<\/code><\/li>\n\n\n\n<li><code>DefaultIcon<\/code><\/li>\n\n\n\n<li><code>FallbackResource<\/code><\/li>\n\n\n\n<li><code>Options +FollowSymLinks<\/code> \/ <code>-Indexes<\/code>, etc.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>13. File &amp; Directory Specific<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>&lt;Files><\/code><\/li>\n\n\n\n<li><code>&lt;FilesMatch><\/code><\/li>\n\n\n\n<li><code>&lt;IfModule><\/code><\/li>\n\n\n\n<li><code>&lt;If><\/code><\/li>\n\n\n\n<li><code>&lt;IfDefine><\/code><\/li>\n\n\n\n<li><code>&lt;Limit><\/code><\/li>\n\n\n\n<li><code>&lt;LimitExcept><\/code><\/li>\n\n\n\n<li><code>&lt;Directory><\/code> (only in configs, not .htaccess)<\/li>\n\n\n\n<li><code>&lt;Location><\/code> (not allowed in .htaccess)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>14. CGI &amp; Script<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>ScriptAlias<\/code> (rarely in .htaccess)<\/li>\n\n\n\n<li><code>ScriptInterpreterSource<\/code><\/li>\n\n\n\n<li><code>AddHandler cgi-script<\/code><\/li>\n\n\n\n<li><code>Options +ExecCGI<\/code><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>15. Miscellaneous<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>TimeOut<\/code> (rare, typically not allowed)<\/li>\n\n\n\n<li><code>Header set X-Frame-Options ...<\/code><\/li>\n\n\n\n<li><code>Header always ...<\/code><\/li>\n\n\n\n<li><code>SetHandler<\/code><\/li>\n\n\n\n<li><code>UnsetHandler<\/code><\/li>\n\n\n\n<li><code>Redirect 301 \/old-url \/new-url<\/code><\/li>\n\n\n\n<li><code>RewriteOptions<\/code><\/li>\n\n\n\n<li><code>RewriteLock<\/code><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u26a1\ufe0f Advanced \/ Module-Specific Directives<\/strong><\/h3>\n\n\n\n<p>Some directives are only available if certain modules are enabled.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>mod_security<\/strong>: <code>SecRuleEngine<\/code>, <code>SecRule<\/code>, etc.<\/li>\n\n\n\n<li><strong>mod_evasive<\/strong>: <code>DOSHashTableSize<\/code>, etc.<\/li>\n\n\n\n<li><strong>mod_qos<\/strong>: <code>QS_SrvMaxConnPerIP<\/code>, etc.<\/li>\n\n\n\n<li><strong>mod_speling<\/strong>: <code>CheckSpelling<\/code><\/li>\n\n\n\n<li><strong>mod_deflate<\/strong>: <code>SetOutputFilter<\/code>, etc.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Important Notes<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Not all directives are allowed<\/strong> in <code>.htaccess<\/code> context. It depends on how <code>AllowOverride<\/code> is set in your <code>httpd.conf<\/code> or vhost configuration.<\/li>\n\n\n\n<li>Some directives only work in server config, not in <code>.htaccess<\/code>.<\/li>\n\n\n\n<li>Modules like <code>mod_rewrite<\/code>, <code>mod_headers<\/code>, <code>mod_expires<\/code>, <code>mod_deflate<\/code>, etc., must be enabled in Apache for those directives to work.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Authoritative, Up-to-date List<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The <strong>official list of all directives<\/strong>:<br><a href=\"https:\/\/httpd.apache.org\/docs\/current\/mod\/directives.html\" target=\"_blank\" rel=\"noopener\">https:\/\/httpd.apache.org\/docs\/current\/mod\/directives.html<\/a><\/li>\n\n\n\n<li>See which are valid in <code>.htaccess<\/code> (context column = &#8220;directory&#8221; or &#8220;.htaccess&#8221;)<br><a href=\"https:\/\/httpd.apache.org\/docs\/current\/sections.html#mergin\" target=\"_blank\" rel=\"noopener\">Apache Directive Contexts<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Summary Table of Most Used .htaccess Directives<\/strong><\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Directive\/Rule<\/th><th>Purpose\/Use<\/th><\/tr><\/thead><tbody><tr><td>RewriteEngine\/Rule\/Cond<\/td><td>URL rewriting and redirects<\/td><\/tr><tr><td>Redirect\/RedirectMatch<\/td><td>Simple redirects<\/td><\/tr><tr><td>AuthType\/AuthUserFile<\/td><td>Authentication<\/td><\/tr><tr><td>Require\/Order\/Allow\/Deny<\/td><td>Access control<\/td><\/tr><tr><td>DirectoryIndex<\/td><td>Default index file<\/td><\/tr><tr><td>ErrorDocument<\/td><td>Custom error pages<\/td><\/tr><tr><td>AddType\/AddHandler<\/td><td>MIME types and handlers<\/td><\/tr><tr><td>Options<\/td><td>Enable\/disable features (Indexes, SymLinks)<\/td><\/tr><tr><td>ExpiresActive\/ByType<\/td><td>Caching headers<\/td><\/tr><tr><td>Header<\/td><td>Set or modify HTTP headers<\/td><\/tr><tr><td>SetEnv\/SetEnvIf<\/td><td>Environment variables<\/td><\/tr><tr><td>,<\/td><td>Target config to certain files<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><\/h2>\n","protected":false},"excerpt":{"rendered":"<p>However, an \u201cabsolutely complete\u201d list is technically impossible to print here in full\u2014because the .htaccess file can use nearly any Apache directive that is allowed by the AllowOverride setting and&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[2],"tags":[],"class_list":["post-50439","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/50439","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=50439"}],"version-history":[{"count":1,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/50439\/revisions"}],"predecessor-version":[{"id":50440,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/50439\/revisions\/50440"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=50439"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=50439"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=50439"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}