Upgrading from Apache 2.x to the latest version of Apache 2.4 may require some changes to your configuration. I recently went through this process and thought I would document some of the changes that I encountered.
Access Control
Specifying access using the Order and Allow directives in Apache has been common for years now. My httpd.conf file had this scattered throughout, first denying access to all files, and then explicitly allowing access to files in my webroot folder. I also noticed that some of the extra configuration files, and the ColdFusion Jakarta configuration file rely on the Order command.
You may get an error when testing your configuration after the upgrade indicating that Order is an invalid directive.
$ sudo apachectl -t
Syntax error on line 31 of /private/etc/apache2/mod_jk.conf:
Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configurationHere are the simple changes that you can make in your Apache configuration files to be compliant with the new Require directive in Apache 2.4.x
Deny All RequestsUsing Apache 2.2:
Order deny,allow
Deny from allDeny All RequestsUsing Apache 2.4
Require all deniedAllow All RequestsUsing Apache 2.2
Order allow,deny
Allow from all###Allow All RequestsUsing Apache 2.4
Require all grantedAllowOverride defaults to None
This is a good change, and it means that we can remove the default AllowOverride in our root directory configuration. So, just remove the unnecessary line in your httpd.conf file.
<Directory />
Options FollowSymLinks
AllowOverride None #this can be safely removed now
Require all denied
</Directory>