Upgrading to Apache 2.4 from Apache HTTP Server 2.2.x
Upgrading from Apache 2.x to the latest version of Apache 2.4 may require some changes to your configuration. I recently went through this process and thought I would document some of the changes that I encountered.
Specifying access using the Order and Allow directives in Apache has been common for years now. My httpd.conf file had this scattered throughout, first denying access to all files, and then explicitly allowing access to files in my webroot folder. I also noticed that some of the extra configuration files, and the ColdFusion Jakarta configuration file rely on the Order command.
You may get an error when testing your configuration after the upgrade indicating that Order is an invalid directive.
$ sudo apachectl -t Syntax error on line 31 of /private/etc/apache2/mod_jk.conf: Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration
Here are the simple changes that you can make in your Apache configuration files to be compliant with the new
Require directive in Apache 2.4.x
Deny All RequestsUsing Apache 2.2:
Order deny,allow Deny from all
Deny All RequestsUsing Apache 2.4
Require all denied
Allow All RequestsUsing Apache 2.2
Order allow,deny Allow from all
Allow All RequestsUsing Apache 2.4
Require all granted
AllowOverride defaults to None
This is a good change, and it means that we can remove the default AllowOverride in our root directory configuration. So, just remove the unnecessary line in your httpd.conf file.
<Directory /> Options FollowSymLinks AllowOverride None #this can be safely removed now Require all denied </Directory>