Picture of Brian Love wearing black against a dark wall in Portland, OR.

Brian Love

Upgrading to Apache 2.4 from Apache HTTP Server 2.2.x

Upgrading from Apache 2.x to the latest version of Apache 2.4 may require some changes to your configuration. I recently went through this process and thought I would document some of the changes that I encountered.

Access Control

Specifying access using the Order and Allow directives in Apache has been common for years now. My httpd.conf file had this scattered throughout, first denying access to all files, and then explicitly allowing access to files in my webroot folder. I also noticed that some of the extra configuration files, and the ColdFusion Jakarta configuration file rely on the Order command.

You may get an error when testing your configuration after the upgrade indicating that Order is an invalid directive.

$ sudo apachectl -t
Syntax error on line 31 of /private/etc/apache2/mod_jk.conf:
Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration

Here are the simple changes that you can make in your Apache configuration files to be compliant with the new Require directive in Apache 2.4.x

Deny All RequestsUsing Apache 2.2:

Order deny,allow
Deny from all

Deny All RequestsUsing Apache 2.4

Require all denied

Allow All RequestsUsing Apache 2.2

Order allow,deny
Allow from all

###Allow All RequestsUsing Apache 2.4

Require all granted

AllowOverride defaults to None

This is a good change, and it means that we can remove the default AllowOverride in our root directory configuration. So, just remove the unnecessary line in your httpd.conf file.

<Directory />
    Options FollowSymLinks
    AllowOverride None #this can be safely removed now
    Require all denied