> Solution is to replace the "Order allow,deny Allow from all" with "Require 
> all granted".
>
> I do not know why the legacy directive has no effect in this case, and I 
> suggest giving a hint on this case in the upgrade guide
>
> https://httpd.apache.org/docs/2.4/upgrading.html
 
>> Maybe I am missing something but this use case is described in 
>> https://httpd.apache.org/docs/2.4/upgrading.html#run-time
>>  ==> Access control..

The point is that the documentation says "The old access control 
idioms _should_ be replaced [...] for compatibility with old configurations, 
the new module mod_access_compat is provided."

But in my case, the old access control idioms _have to_ be replaced, there is 
_no compatibility_.

It seems to me that there is some problem with mixing old and new style, which 
is also mentioned here:

"A mix of allow (2.2) and require (2.4) directives while using apache HTTPD 
2.4, used in the same or separate directory blocks. The new 2.4 directives 
should be used exclusively, and the mod_access_compat module should be unloaded 
by commenting out the LoadModule directive."

(source: https://wiki.apache.org/httpd/ClientDeniedByServerConfiguration)


> I also second the comment from 2013-05-20 on
> https://httpd.apache.org/docs/2.4/mod/mod_access_compat.html

> "The documentation doesn't mention how authz_host and mod_access_compat 
> directives interact when both modules are installed. From people testing here 
> it seems that "deny" rule is always in effect, regardless if it is coming 
> from authz_host or access_compat. Official description of these interactions 
> would be welcome."
 
>> Info available:
>> 
>> - upgrade doc ==> "In 2.4, such access control is done in the same way as 
>> other authorization checks, using the new module mod_authz_host. The old 
>> access control idioms should be replaced by the new authentication 
>> mechanisms, although for compatibility with old configurations, the new 
>> module mod_access_compat is provided."
>> 
>> - mod_access_compat ==> "The directives provided by mod_access_compat have 
>> been deprecated by the new authz refactoring. Please see mod_authz_host."
>> 
>> Could you give us some advice about the info needed to make this document 
>> clearer? 
 
Another case:

<Location /server-status>
        SetHandler server-status

        Order deny,allow
        Deny from all
        Allow From 1.2.3.4
</Location>

_works_ with 2.4. Changing it to

<Location /server-status>
        SetHandler server-status

        Require ip 1.2.3.4
</Location>

Gives 

"[access_compat:error] [client 1.2.3.4] AH01797: client denied by server 
configuration: /var/www/docs/default/server-status"

and does _not_ work anymore, so I have to switch back to old style.

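Added example, not part of the original message and not code from the httpd project: a Python audit that lists configuration sections still using the 2.2-style Order/Allow/Deny/Satisfy directives and marks those that also contain Require, the mix the quoted wiki passage advises against. The sample configuration, the address 192.0.2.10 and the function name audit are constructed for illustration.

```python
import re

LEGACY = {"order", "allow", "deny", "satisfy"}   # mod_access_compat (2.2 style)
AUTHZ_BLOCKS = {"requireall", "requireany", "requirenone"}  # 2.4 authz containers
OPEN = re.compile(r"<\s*([A-Za-z]+)\s*([^>]*)>")
CLOSE = re.compile(r"<\s*/\s*([A-Za-z]+)\s*>")

def audit(config_text):
    """Return (findings, file_mixed); findings = [(section, status, legacy_lines, require_lines)]."""
    stack, done = [["(server config)", [], []]], []   # [label, legacy lines, Require lines]
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        closing, opening = CLOSE.match(line), OPEN.match(line)
        if closing:  # </RequireAll> etc. stay inside the enclosing section
            if closing.group(1).lower() not in AUTHZ_BLOCKS and len(stack) > 1:
                done.append(stack.pop())
        elif opening:
            if opening.group(1).lower() in AUTHZ_BLOCKS:
                stack[-1][2].append(lineno)
            else:
                stack.append([f"<{opening.group(1)} {opening.group(2).strip()}>", [], []])
        else:
            name = line.split(None, 1)[0].lower()
            if name in LEGACY:
                stack[-1][1].append(lineno)
            elif name == "require":
                stack[-1][2].append(lineno)
    done.extend(reversed(stack))
    findings = [(s, "mixed" if new else "legacy-only", old, new) for s, old, new in done if old]
    file_mixed = any(old for _, old, _ in done) and any(new for _, _, new in done)
    return findings, file_mixed

# Constructed sample: one legacy-only section and one section mixing both styles.
SAMPLE = """\
<Location /server-status>
    Order deny,allow
    Deny from all
    Allow from 192.0.2.10
</Location>
<Directory /var/www/mixed>
    Order allow,deny
    Allow from all
    Require ip 192.0.2.10
</Directory>
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

The audit only reads the text it is given; Include'd files and .htaccess files have to be passed to it separately.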