Hello! 2016-04-04 12:03 GMT+02:00 Hildegard Meier <daku8...@gmx.de>:
> Hello, > > I have the following configuration in a vHost: > > [...] > > Alias /pnp4nagios "/usr/local/pnp4nagios-0.6.25/share" > > <Directory "/usr/local/pnp4nagios-0.6.25/share"> > AllowOverride None > > Order allow,deny > Allow from all > > [...] > > This works with Apache 2.2 but after upgrading to 2.4 access is denied! > > Debug error log gives: > > [authz_core:debug] [client x.x.x.x:52204] AH01626: authorization result of > <Require Any>: denied > [authz_core:error] [client x.x.x.x:52204] AH01630: client denied by server > configuration: /usr/local/pnp4nagios-0.6.25/share/graph > > I guess this is because of this default entry in /etc/apache2/apache2.conf: > > <Directory /> > Options FollowSymLinks > AllowOverride None > Require all denied > </Directory> > > > Solution is to replace the "Order allow,deny Allow from all" with "Require > all granted". > > I do not know, why the legacy directive has no effect in this case and I > suggest to give a hint on this case in the upgrade guide > > https://httpd.apache.org/docs/2.4/upgrading.html Maybe I am missing something but this use case is described in https://httpd.apache.org/docs/2.4/upgrading.html#run-time ==> Access control.. > > I also second the comment from 2013-05-20 on > https://httpd.apache.org/docs/2.4/mod/mod_access_compat.html > > "The documentation doesn't mention how authz_host and mod_access_compat > directives interact when both modules are installed. From people testing > here it seems that "deny" rule is always in effect, regardless if it is > comming from authz_host or access_compat. Official description of these > interactions would be welcome." > Info available: - upgrade doc ==> "In 2.4, such access control is done in the same way as other authorization checks, using the new module mod_authz_host. The old access control idioms should be replaced by the new authentication mechanisms, although for compatibility with old configurations, the new module mod_access_compat is provided." - mod_access_compact ==> "The directives provided by mod_access_compat have been deprecated by the new authz refactoring. Please see mod_authz_host." Could you give us some advice about the info needed to make this document clearer? Thanks a lot! Luca
