Of Stack

Compare the access control configuration syntax for Apache2.4 and Apache2.2

  • 2020-05-13 04:07:43
  • OfStack

This article is translated from the official document: Upgrading to 2.4 from 2.2

1. Access control

In version Apache2.2, access control is implemented using the Order(sort), Allow(allow), Deny(deny), and Satisfy(satisfy) directives based on the client's hostname, IP address, and other characteristics in the client request.

In version Apache2.4, the new module mod_authz_host is used for access control, and other authorization checks are done in the same way. The old access control statements should be replaced by the new authorization authentication mechanism, even though Apache already provides a new module, mod_access_compat, to be compatible with the old statements.

Here are some examples of using new methods instead of old statements to achieve the same access control

Example 1: all requests are rejected

Apache2. 2 configuration: 



Order deny,allow # Sort, reject and then allow 

Deny from all # Reject all

Apache2. 4 configuration: 



Require all denied # Reject all

Example 2: all requests are allowed

Apache2. 2 configuration: 



Order allow,deny # Sort, allow and then reject 

Allow from all # Allow all

Apache2. 4 configuration: 



Require all granted # Reject all

Example 3: example.org all requests are allowed and others are rejected

Apache2. 2 configuration: 



Order Deny,Allow # Sort, reject and then allow 

Deny from all # Reject all 

Allow from example.org # allow example.org

Apache2. 4 configuration: 



Require host example.org # Reject all

2. Apache Require directive

Learn more about the use of the require directive: Apache Module mod_authz_core

Attachment: common access control instructions 



Require all granted # Allow all 

Require all denied # Reject all 

Require env env-var [env-var] ... # It is allowed to match any of the environment variables 1 a 

Require method http-method [http-method] ... # Allow, specific HTTP methods 

Require expr expression # Allowed, the expression is true

Require user userid [ userid ] ... # Allow specific users 

Require group group-name [group-name] ... # Allow specific user groups 

Require valid-user # # Allow, valid user 

Require ip 10 172.20 192.168.2 # allow   specific IP

Related articles: