Home / server / Questions / 1007358
In Process
Sybille Peters
Asked: 2020-03-19 01:27:29 +0800 CST

Graceful conversion of access controll directives for Apache 2.4 (getting rid of mod_access_compat)

  • 772

From personal experience and the documentation, there may be problems when mixing old and new access control directives in the configuration, e.g.

old:

Order deny,allow
Deny from all
# ...

new:

Require all denied

Mixing old directives like Order, Allow or Deny with new ones like Require is technically possible but discouraged. mod_access_compat was created to support configurations containing only old directives to facilitate the 2.4 upgrade. Please check the examples below to get a better idea about issues that might arise.

...

In the following example, mixing old and new directives leads to unexpected results.

Upgrading to 2.4

I would like to convert to the new directives. It seems like a good idea to do this in one batch and then do a reload. However, some directives are in .htaccess files.

documentation:

.htaccess apache-2.4

1 Answers

  1. I suggest to change the directives to something like this in your .htaccess files:

    Example (you may want to check how the module is named on your system, e.g. mod_access_compat, access_compat_module):

    <IfModule access_compat_module>
    Order deny,allow
    Deny from all
</IfModule>

<IfModule !access_compat_module>
    Require all denied
</IfModule>

    Documentation: IfModule

    The rest of the configuration can also be done this way or could be done in one batch with subsequent reload without the Ifmodules (in order not to clutter up the configuration).

    Once the access_compat module is deactivated, the new directives will take effect.

    Alternatively, you may want to think about moving the configuration from the .htaccess files to your webserver configuration, see:

    You should avoid using .htaccess files completely if you have access to httpd main server config file.

    https://httpd.apache.org/docs/2.4/howto/htaccess.html

    • 0