Personal notes from the past.
In Apache 2.4, you can still use Allow and Deny for ACL settings with mod_access_compat.
Rewriting ACL from Apache 2.2 to 2.4
Allowing All
- Apache 2.2
<Directory "/home/www">
Order allow,deny
Allow from all
</Directory>
- Apache 2.4
<Directory "/home/www">
Require all granted
</Directory>
Denying All
- Apache 2.2
<Directory "/home/www">
Order deny,allow
Deny from all
</Directory>
- Apache 2.4
<Directory "/home/www">
Require all denied
</Directory>
Allowing Specific IP Address
- Apache 2.2
<Location /admin>
Order allow,deny
Deny from all
Allow from 127.0.0.1
</Location>
- Apache 2.4
<Location /admin>
Require ip 127.0.0.1
</Location>
For hostnames, use Require Host example.jp.
Restriction Using Environment Variables
- Apache 2.2
<Location /admin>
SetEnvIf User-Agent ^IamAdmin/0¥.1 admin_ok
Order deny,allow
Deny from all
Allow from env=admin_ok
</Location>
- Apache 2.4
<Location /admin>
SetEnvIf User-Agent ^IamAdmin/0¥.1 admin_ok
Require env admin_ok
</Location>
Allowing with Multiple Conditions
- Apache 2.2
<Location /admin>
Order deny,allow
Deny from all
Allow from 192.168.1
Require group admin
Satisfy any
</Location>
- Apache 2.4
<Location /admin>
<RequireAny>
Require ip 192.168.1
Require group admin
</RequireAny>
</Location>
In addition to RequireAny, there’s also RequireAll for matching all conditions.