I am migrating from Apache 2.2 to 2.4, and would like to prefer the use of "Require" than the now discouraged use of Allow
, Deny
.
My question: How can I allow access from a set of IP addresses or ranges, by having one address/range per line in the configuration file?
With Apache 2.2, I used:
Order deny,allow
Deny from all
Allow from 2001:1000:2000::1/64
Allow from 1.2.3.4
Allow from 1.2.3.10
How would that translate to the new access control syntax?
The upgrading documentation has clear information on how to do this. It is also something that should be read in case any other configuration changes are required: https://httpd.apache.org/docs/2.4/upgrading.html
Also you do not need to put different IP addresses or networks on separate lines. It is perfectly acceptable to do the following:
Finally, the default is for multiple require directives to be treated as if they are in a
<RequireAny>
block, so unless you are forming a more complex nested grouping you do not need to add it. Though you may wish to for clarify of course. Reference: https://httpd.apache.org/docs/2.4/howto/auth.html#beyondAdditional Information: One other thought is that when upgrading you should definitely go through all your configuration (including any
htaccess
files you might have) and convert the older Apache v2.2 directives to the Apache v2.4 ones, and then comment out the loading of themod_access_compat
module. Mixing v2.2 and v.24 directives can cause some very unusual problems that are hard to troubleshoot.I know it is an old post but i think that can help with a functional example that i always use!
In apache 2.2 would be like:
In apache 2.4 would be like: