Laravel .htaccess Generator

Generate a clean, secure .htaccess for your Laravel public/ folder.

Placement is Key!
In Laravel, this file should normally live inside the /public folder, NOT the project root (unless you are on specific shared hosting).

Standard Laravel .htaccess

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>

    RewriteEngine On

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.+)/$
    RewriteRule ^ %1 [L,R=301]

    # Send Requests To Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>

# Security: Deny access to sensitive files
# (applies only to the directory holding this .htaccess and the directories below it)
<FilesMatch "^\.env|composer\.(json|lock)|package(-lock)?\.json$|phpunit\.xml$">
    # Apache 2.4+: Order/Deny need mod_access_compat; without it they cause a 500 error
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
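
Added example (not part of the generator's output): a Python check of which file names the FilesMatch pattern above actually denies. It assumes Apache applies the expression as an unanchored search on the file's base name and that Python's re module agrees with Apache's PCRE for this pattern; the sample file names are constructed.

```python
import re

# Pattern copied verbatim from the FilesMatch directive on this page.
FILESMATCH = r"^\.env|composer\.(json|lock)|package(-lock)?\.json$|phpunit\.xml$"


def is_denied(path, pattern=FILESMATCH):
    """Approximate FilesMatch: unanchored regex search on the base name.

    Assumption: Python's re behaves like Apache's PCRE for this pattern.
    """
    basename = path.rsplit("/", 1)[-1]
    return re.search(pattern, basename) is not None


def audit(paths, pattern=FILESMATCH):
    """Map each candidate path to True (denied) or False (served)."""
    return {p: is_denied(p, pattern) for p in paths}


# Constructed sample file names, not taken from a real deployment.
SAMPLE = [
    ".env", ".env.production", ".env.bak",
    "composer.json", "composer.lock", "composer.json.bak",
    "package.json", "package-lock.json", "package.json.bak",
    "phpunit.xml", "phpunit.xml.dist",
    "env.txt", "index.php", "css/app.css",
]

if __name__ == "__main__":
    for path, denied in audit(SAMPLE).items():
        print(f"{'DENY ' if denied else 'serve'}  {path}")
```

Because `^` and `$` each bind to a single alternative, `composer.json.bak` is denied while `package.json.bak` and `phpunit.xml.dist` are still served. Run the check against the file names that actually exist in your web-accessible directory before relying on the rule.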

How Laravel handles Routing

Laravel uses a single entry point: index.php. The .htaccess file tells Apache to take any URL the user types and "pass" it to Laravel's router, as long as it isn't a real file like an image.

Who should use this?

Developers deploying Laravel to Apache shared hosting or VPS who need the default routing behavior restored.

When NOT to use this?

If you are using Laravel Forge with Nginx, or Laravel Sail (Docker). Nginx handles these rules in the site configuration, not in an .htaccess file.

Plain-English Explanation

HTTP_AUTHORIZATION
Framework Critical

Laravel needs this to handle API tokens and login sessions. Without it, Apache might strip your Authorization headers.

RewriteCond %{REQUEST_FILENAME} !-d
Framework Critical

"If the folder doesn't exist, keep going." This prevents Laravel from trying to handle requests for real directories.

Options -MultiViews
Standard Default

Prevents Apache from trying to guess what file you want if a direct match isn't found (which can break Laravel routes).

Frequently Asked Questions (FAQs)

This happens when your server’s DocumentRoot is pointed to the Laravel project root instead of the /public directory. The correct fix is to update your server configuration so it points directly to your-project/public, rather than trying to hide it with rewrite rules.
No. Using a root-level .htaccess to rewrite requests into the /public folder is considered a workaround. While it may work temporarily, it can introduce security and performance issues. The recommended approach is always to fix the server’s document root.
Laravel’s main .htaccess file belongs inside the /public directory. This is where routing, index handling, and request forwarding to index.php happen. Editing or relying on a root-level file is rarely necessary.
  • Editing the wrong .htaccess file: Laravel’s routing logic lives inside the /public directory.
  • Exposing the .env file: Your environment file should never be accessible from the web. Proper rules must block access to it.
  • Ignoring Apache mod_rewrite: If routes are not working, ensure mod_rewrite is enabled on your server.
No. .htaccess files are specific to Apache. If you are using Nginx, routing and security rules must be configured directly in the server configuration file instead.