User Tools
packages:apache
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision Next revision Both sides next revision | ||
|
packages:apache [2013-06-11 19:26] glen created |
packages:apache [2014-02-28 22:29] glen [Upgrading] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Apache ====== | + | ====== Apache httpd ====== |
| + | Apache 2.4 has landed in Th on June 7, 2013. See [[http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2013-June/023560.html|announcement]]. | ||
| + | |||
| + | <note important> | ||
| + | **Access control incompatible changes** | ||
| + | |||
| + | All webapps have been migrated to new [[https://httpd.apache.org/docs/2.4/mod/mod_authz_host.html|mod_authz_host]] access syntax and usage of [[https://httpd.apache.org/docs/2.4/mod/mod_access_compat.html|mod_access_compat]] is strongly discouraged. | ||
| + | The rationale for it is that //access_compat// and //authz_host// are independent of each other and operate on separate namespaces. Main httpd configs contain only //authz_host// directives and enabling //access_compat// means allowing access to all locations/directories that are not explicitly denied by //authz_host//. | ||
| + | |||
| + | **Note:** | ||
| + | In case there exist both //authz_host// **and** //access_compat// directives for a location, the **Deny** clause of **ANY** of them takes precedence (in short: **deny** always wins, regardless where it comes from). | ||
| + | </note> | ||
| + | |||
| + | ===== Upgrading ===== | ||
| + | |||
| + | Detailed information about upgrading and all changes between apache 2.2 and 2.4 can be found [[https://httpd.apache.org/docs/2.4/upgrading.html|here]] | ||
| + | |||
| + | as for more complex examples, require ip or password: | ||
| + | |||
| + | <code apache Apache 2.x> | ||
| + | Order Deny,Allow | ||
| + | Deny from all | ||
| + | |||
| + | Allow from my.lan | ||
| + | Allow from 2001:1234:5678::/64 | ||
| + | |||
| + | AuthType Basic | ||
| + | AuthName www.my.lan | ||
| + | AuthBasicProvider ldap | ||
| + | AuthLDAPURL "ldap://server:389/ou=People,dc=example,dc=com?uid?sub?(objectClass=*)" | ||
| + | Require valid-user | ||
| + | |||
| + | Satisfy Any | ||
| + | </code> | ||
| + | |||
| + | The solution is very simple, just list the requirements and 2.4 somehow magically knows what you mean: | ||
| + | |||
| + | <code apache Apache 2.4> | ||
| + | Require host my.lan | ||
| + | Require ip 2001:1234:5678::/64 | ||
| + | |||
| + | AuthType Basic | ||
| + | AuthName www.my.lan | ||
| + | AuthBasicProvider ldap | ||
| + | AuthLDAPURL "ldap://server:389/ou=People,dc=example,dc=com?uid?sub?(objectClass=*)" | ||
| + | |||
| + | Require valid-user | ||
| + | </code> | ||
| + | |||
| + | Source: http://blog.hqcodeshop.fi/archives/63-Migrating-access-control-into-Apache-2.4.html | ||
| + | |||
| + | If you need to ''AND'' multiple requires, wrap them inside [[http://httpd.apache.org/docs/current/mod/mod_authz_core.html#requireall|<RequireAll></RequireAll>]] | ||
| + | |||
| + | ===== Apache 2.2 and 2.4 compatible configs ===== | ||
| + | |||
| + | If you need to support both Apache 2.2 and 2.4, then, for example, if Apache 2.2 config contained: | ||
| + | |||
| + | <code apache> | ||
| + | Allow from all | ||
| + | </code> | ||
| + | |||
| + | you need to use: | ||
| + | |||
| + | <code apache> | ||
| + | # Apache 2.x | ||
| + | <IfModule !mod_authz_core.c> | ||
| + | Order allow,deny | ||
| + | Allow from all | ||
| + | </IfModule> | ||
| + | # Apache 2.4 | ||
| + | <IfModule mod_authz_core.c> | ||
| + | Require all granted | ||
| + | </IfModule> | ||
| + | </code> | ||
| - | Apache 2.4 has landed Th on June 7, 2013, see [[http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2013-June/023560.html|announcement]]. | ||
packages/apache.txt ยท Last modified: 2015-02-12 17:06 by glen
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
