Brian Love
Angular + TypeScript Developer in Denver, CO

Upgrading to Apache 2.4 from Apache HTTP Server 2.2.x

Reading time ~1 minute

Upgrading from Apache 2.x to the latest version of Apache 2.4 may require some changes to your configuration. I recently went through this process and thought I would document some of the changes that I encountered.

Access Control

Specifying access using the Order and Allow directives in Apache has been common for years now. My httpd.conf file had this scattered throughout, first denying access to all files, and then explicitly allowing access to files in my webroot folder. I also noticed that some of the extra configuration files, and the ColdFusion Jakarta configuration file rely on the Order command.

You may get an error when testing your configuration after the upgrade indicating that Order is an invalid directive.

$ sudo apachectl -t
Syntax error on line 31 of /private/etc/apache2/mod_jk.conf:
Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration

Here are the simple changes that you can make in your Apache configuration files to be compliant with the new Require directive in Apache 2.4.x

Deny All RequestsUsing Apache 2.2:

Order deny,allow
Deny from all

Deny All RequestsUsing Apache 2.4

Require all denied

Allow All RequestsUsing Apache 2.2

Order allow,deny
Allow from all

###Allow All RequestsUsing Apache 2.4

Require all granted

AllowOverride defaults to None

This is a good change, and it means that we can remove the default AllowOverride in our root directory configuration. So, just remove the unnecessary line in your httpd.conf file.

<Directory />
    Options FollowSymLinks
    AllowOverride None #this can be safely removed now
    Require all denied

Brian Love

Hi, I'm Brian. I am interested in TypeScript, Angular and Node.js. I'm married to my best friend Bonnie, I live in Denver and I ski (a lot).