There's a new kid in Ubuntu town: Apache 2.4

Here at fortytools we are slowly getting ready to migrate our Ubuntu 12.04 LTS machines to the shiny new Ubuntu 14.04 LTS release. I know that you are supposed to wait until the first ‘dot release’, so 14.04.1 or something similar scheduled for late Q2-2014. However if you use the 'do-release-upgrade -d’ you will be able to update to the latest development version.

Upgrading to the latest Ubuntu will also give you the new Apache 2.4 (previously it was Apache 2.2). This turned out to cause some problems.

So, after the upgrade was through (which took roughly 1 hour), heading over to this blog showed me the blog without any assets (images, styles or anything served from assets.fortytools.com). Poking around the Apache configuration a bit, I quickly turned up the volume on the log:

LogLevel debug

I came over these strange log entries which were caused by me hitting the Apache server:

[Tue May 13 18:33:13.278478 2014] [authz_core:debug] [pid 3954:tid 140073370642176] mod_authz_core.c(802): [client 78.54.172.164:64883] AH01626: authorization result of Require all denied: denied
[Tue May 13 18:33:13.278535 2014] [authz_core:debug] [pid 3954:tid 140073370642176] mod_authz_core.c(802): [client 78.54.172.164:64883] AH01626: authorization result of <RequireAny>: denied
[Tue May 13 18:33:13.278543 2014] [authz_core:error] [pid 3954:tid 140073370642176] [client 78.54.172.164:64883] AH01630: client denied by server configuration: /srv/www/assets/htdocs/lambda/img/ft.png

Wondering why it didn’t work anymore, I put in the usual 'Allow form all’, 'Order deny,allow’ into the 'Directory’ part of the virtual host configuration. However it still yieled the same result.

It turns out that some major changes were done to the access control mechanism inside of Apache. This is now handled by a module called 'authz_core’ and it’s siblings as you can see above in the log output. What this means for you is that 'Allow’ and 'Order’ are not supported by Apache 2.3 and later. The new thing is the 'Require’ directive in the virtual host configuration part.

Here is an incomplete translation of the old directives to the new ones which should get you started quickly:

Allow everything from anywhere

Apache 2.2 configuration:

Order allow,deny
Allow from all Apache 2.4 equivalent:Require all granted

Disallow everything from anywhere

Apache 2.2 configuration:

Order deny,allow
Deny from all

Apache 2.4 equivalent:

Require all denied

Deny everything, allow from example.com

Apache 2.2 configuration:

Order Deny,Allow
Deny from all
Allow from example.org

Apache 2.4 equivalent:

Require host example.org

There is also another gotcha when updating: make sure that your symbolic links in ’/etc/apache2/sites-enabled’ have a ’.conf’ extension as Apache 2.4 in the new Ubuntu 14.04 LTS is configured to only pick up ’*.conf’ files for virtual hosts.

‍