PLD Linux Distribution

User Tools

Site Tools

Trace:
packages:apache

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
packages:apache [2013-06-11 19:32]
glen [Apache] 		packages:apache [2014-02-28 22:29]
glen [Upgrading]
Line 1: Line 1:
-====== Apache ======+====== Apache ​httpd ======
  
 Apache 2.4 has landed in Th on June 7, 2013. See [[http://​lists.pld-linux.org/​mailman/​pipermail/​pld-devel-en/​2013-June/​023560.html|announcement]]. Apache 2.4 has landed in Th on June 7, 2013. See [[http://​lists.pld-linux.org/​mailman/​pipermail/​pld-devel-en/​2013-June/​023560.html|announcement]].
  
 +<note important>​
 +**Access control incompatible changes**
  
-===== Authz compat ​=====+All webapps have been migrated to new [[https://​httpd.apache.org/​docs/​2.4/​mod/​mod_authz_host.html|mod_authz_host]] access syntax and usage of [[https://​httpd.apache.org/​docs/​2.4/​mod/​mod_access_compat.html|mod_access_compat]] is strongly discouraged. 
 +The rationale for it is that //​access_compat//​ and //​authz_host//​ are independent of each other and operate on separate namespaces. Main httpd configs contain only //​authz_host//​ directives and enabling //​access_compat//​ means allowing access to all locations/​directories that are not explicitly denied by //​authz_host//​. 
 + 
 +**Note:** 
 +In case there exist both //​authz_host//​ **and** //​access_compat//​ directives for a location, the **Deny** clause of **ANY** of them takes precedence (in short: **deny** always wins, regardless where it comes from). 
 +</​note>​ 
 + 
 +===== Upgrading ​===== 
 + 
 +Detailed information about upgrading and all changes between apache 2.2 and 2.4 can be found [[https://​httpd.apache.org/​docs/​2.4/​upgrading.html|here]] 
 + 
 +as for more complex examples, require ip or password: 
 + 
 +<code apache Apache 2.x> 
 +Order Deny,​Allow 
 +Deny from all 
 + 
 +Allow from my.lan 
 +Allow from 2001:​1234:​5678::/​64 
 + 
 +AuthType Basic 
 +AuthName www.my.lan 
 +AuthBasicProvider ldap 
 +AuthLDAPURL "​ldap://​server:​389/​ou=People,​dc=example,​dc=com?​uid?​sub?​(objectClass=*)"​ 
 +Require valid-user 
 + 
 +Satisfy Any 
 +</​code>​ 
 + 
 +The solution is very simple, just list the requirements and 2.4 somehow magically knows what you mean: 
 + 
 +<code apache Apache 2.4> 
 +Require host my.lan 
 +Require ip 2001:​1234:​5678::/​64 
 + 
 +AuthType Basic 
 +AuthName www.my.lan 
 +AuthBasicProvider ldap 
 +AuthLDAPURL "​ldap://​server:​389/​ou=People,​dc=example,​dc=com?​uid?​sub?​(objectClass=*)"​ 
 + 
 +Require valid-user 
 +</​code>​ 
 + 
 +Source: http://​blog.hqcodeshop.fi/​archives/​63-Migrating-access-control-into-Apache-2.4.html 
 + 
 +If you need to ''​AND''​ multiple requires, wrap them inside [[http://​httpd.apache.org/​docs/​current/​mod/​mod_authz_core.html#​requireall|<​RequireAll></​RequireAll>​]] 
 + 
 +===== Apache 2.2 and 2.4 compatible configs ===== 
 + 
 +If you need to support both Apache 2.2 and 2.4, then, for example, if Apache 2.2 config contained:
  
-If in Apache 2.0/2.2, you would write: 
 <code apache> <code apache>
 Allow from all Allow from all
 </​code>​ </​code>​
  
-Then having apache 2.4 and 2.x support, ​you can write:+you need to use: 
 <code apache> <code apache>
-<​IfModule mod_authz_core.c>​ +# Apache 2.x
-    ​# Apache 2.+
-    Require all granted +
-</​IfModule>​+
 <​IfModule !mod_authz_core.c>​ <​IfModule !mod_authz_core.c>​
     Order allow,deny     Order allow,deny
     Allow from all     Allow from all
 +</​IfModule>​
 +# Apache 2.4
 +<​IfModule mod_authz_core.c>​
 +    Require all granted
 </​IfModule>​ </​IfModule>​
 </​code>​ </​code>​
 +
 +
packages/apache.txt · Last modified: 2015-02-12 17:06 by glen

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS PLD Linux Driven by DokuWiki