<note type="warning"><title>Note</title>
<p>The directives provided by <module>mod_access_compat</module> have
- been deprecated by the new authz refactoring. Please see
- <module>mod_authz_host</module>.</p>
- </note>
+ been deprecated by <module>mod_authz_host</module>.
+ Mixing old directives like <directive
+ module="mod_access_compat">Order</directive>, <directive
+ module="mod_access_compat">Allow</directive> or <directive
+ module="mod_access_compat">Deny</directive> with new ones like
+ <directive
+ module="mod_authz_core">Require</directive> is technically possible
+ but discouraged. This module was created to support
+ configurations containing only old directives to facilitate the 2.4 upgrade.
+ Please check the <a href="../upgrading.html">upgrading</a> guide for more
+ information.
+ </p>
+ </note>
<p>In general, access restriction directives apply to all
access methods (<code>GET</code>, <code>PUT</code>,
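Review bot: In the rewritten warning, "have been deprecated by <module>mod_authz_host</module>" reads as if the module itself did the deprecating, and it sits oddly next to the following sentence, which attributes the replacement directive Require to mod_authz_core. Suggest "deprecated in favour of the new authorization directives" and naming both modules. The text also says mixing is "technically possible but discouraged" without giving the reason. The link goes to the top of the upgrading guide; pointing it at the section that holds the mixed-directive examples added later in this patch would let an administrator see the failure mode directly.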
although for compatibility with old configurations, the new
module <module>mod_access_compat</module> is provided.</p>
+ <note><title>Mixing old and new directives</title>
+ <p>Mixing old directives like <directive
+ module="mod_access_compat">Order</directive>, <directive
+ module="mod_access_compat">Allow</directive> or <directive
+ module="mod_access_compat">Deny</directive> with new ones like
+ <directive
+ module="mod_authz_core">Require</directive> is technically possible
+ but discouraged. <module>mod_access_compat</module> was created to support
+ configurations containing only old directives to facilitate the 2.4 upgrade.
+ Please check the examples below to get a better idea about issues that might arise.
+ </p>
+ </note>
+
<p>Here are some examples of old and new ways to do the same
access control.</p>
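Review bot: The added note repeats almost word for word the sentence added to the warning earlier in this patch, so the two copies will drift apart over time; keep the full wording in one place and have the other refer to it. The closing sentence, "to get a better idea about issues that might arise", is also too vague for an access-control note. The explanation added after the first mixed example already states the issue (the mod_access_compat directives take precedence over the Require line when the sections are merged), and one sentence saying that here would tell the reader what to look for before reaching the examples.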
Require host example.org
</highlight>
</example>
+
+ <p>In the following example, mixing old and new directives leads to
+ unexpected results.</p>
+
+ <example>
+ <title>Mixing old and new directives: NOT WORKING AS EXPECTED</title>
+ <highlight language="config">
+DocumentRoot "/var/www/html"
+
+<Directory "/">
+ AllowOverride None
+ Order deny,allow
+ Deny from all
+</Directory>
+
+<Location "/server-status">
+ SetHandler server-status
+ Require 127.0.0.1
+</Location>
+
+access.log - GET /server-status 403 127.0.0.1
+error.log - AH01797: client denied by server configuration: /var/www/html/server-status
+ </highlight>
+ </example>
+ <p>Why httpd denies access to servers-status even if the configuration seems to allow it?
+ Because <module>mod_access_compat</module> directives take precedence
+ over the <module>mod_authz_host</module> one in this configuration
+ <a href="sections.html#merging">merge</a> scenario.</p>
+
+ <p>This example conversely works as expected:</p>
+
+ <example>
+ <title>Mixing old and new directives: WORKING AS EXPECTED</title>
+ <highlight language="config">
+DocumentRoot "/var/www/html"
+
+<Directory "/">
+ AllowOverride None
+ Require all denied
+</Directory>
+
+<Location "/server-status">
+ SetHandler server-status
+ Order deny,allow
+ Deny from all
+ Allow From 127.0.0.1
+</Location>
+
+access.log - GET /server-status 200 127.0.0.1
+ </highlight>
+ </example>
+ <p>So even if mixing configuration is still
+ possible, please try to avoid it when upgrading: either keep old directives and then migrate
+ to the new ones on a later stage or just migrate everything in bulk.
+ </p>
</section>
</section>
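Review bot: In the first mixed example the line "Require 127.0.0.1" is missing its provider keyword. The context line above uses the normal form, "Require host example.org", and an address needs "Require ip 127.0.0.1" (or "Require local"). As written, the example does not demonstrate the merge behaviour it is meant to show, because the Require line is not valid on its own. In both examples the access.log and error.log lines sit inside the highlight block tagged language="config", so they will be rendered as configuration; move them into a separate plain block or into the surrounding paragraph. Smaller points: "servers-status" should be "server-status", "Why httpd denies access" should be "Why does httpd deny access", and "Allow From" in the second example should match the lowercase "Deny from" on the line above it.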