Compare the access control configuration syntax for Apache2.4 and Apache2.2
- 2020-05-13 04:07:43
- OfStack
This article is translated from the official document: Upgrading to 2.4 from 2.2
1. Access control
In version Apache2.2, access control is implemented using the Order(sort), Allow(allow), Deny(deny), and Satisfy(satisfy) directives based on the client's hostname, IP address, and other characteristics in the client request.
In version Apache2.4, the new module mod_authz_host is used for access control, and other authorization checks are done in the same way. The old access control statements should be replaced by the new authorization authentication mechanism, even though Apache already provides a new module, mod_access_compat, to be compatible with the old statements.
Here are some examples of using new methods instead of old statements to achieve the same access control
Example 1: all requests are rejected
Apache2. 2 configuration:
Order deny,allow # Sort, reject and then allow
Deny from all # Reject all
Apache2. 4 configuration:
Require all denied # Reject all
Example 2: all requests are allowed
Apache2. 2 configuration:
Order allow,deny # Sort, allow and then reject
Allow from all # Allow all
Apache2. 4 configuration:
Require all granted # Reject all
Example 3: example.org all requests are allowed and others are rejected
Apache2. 2 configuration:
Order Deny,Allow # Sort, reject and then allow
Deny from all # Reject all
Allow from example.org # allow example.org
Apache2. 4 configuration:
Require host example.org # Reject all
2. Apache Require directive
Learn more about the use of the require directive: Apache Module mod_authz_core
Attachment: common access control instructions
Require all granted # Allow all
Require all denied # Reject all
Require env env-var [env-var] ... # It is allowed to match any of the environment variables 1 a
Require method http-method [http-method] ... # Allow, specific HTTP methods
Require expr expression # Allowed, the expression is true
Require user userid [ userid ] ... # Allow specific users
Require group group-name [group-name] ... # Allow specific user groups
Require valid-user # # Allow, valid user
Require ip 10 172.20 192.168.2 # allow specific IP