We are aware of a potentially service impacting issue. Learn more

Apache 2.2 to 2.4 authentication .htaccess issues Print

  • 1

 

Access control

In 2.2, access control based on client hostname, IP address, and other characteristics of client requests was done using the directives OrderAllowDeny, and Satisfy.

In 2.4, such access control is done in the same way as other authorization checks, using the new module mod_authz_host. The old access control idioms should be replaced by the new authentication mechanisms, although for compatibility with old configurations, the new module mod_access_compat is provided.

Here are some examples of old and new ways to do the same access control.

In this example, all requests are denied.

2.2 configuration:

Order deny,allow
Deny from all

2.4 configuration:

Require all denied

In this example, all requests are allowed.

2.2 configuration:

Order allow,deny
Allow from all

2.4 configuration:

Require all granted

In the following example, all hosts in the example.org domain are allowed access; all other hosts are denied access.

2.2 configuration:

OrderDeny,AllowDeny from all
Allow from example.org

2.4 configuration:

Require host example.org

[source: http://httpd.apache.org/docs/trunk/upgrading.html ]


Was this answer helpful?

« Back