Apache Allow and Deny Replaced With Require
Allow and Deny are being replaced with Require from mod_authz_host.
By Jacob
Edited: 2021-09-25 14:35
Future versions of Apache will use mod_authz_host instead of mod_access_compat; the traditional Allow and Deny directives are going away. In fact, this seems to have been the case for Apache 2.4 all along; I just had not noticed it until now. No matter — better late than never :-)
It is technically possible to mix the old way of doing things with the new, but this is discouraged, because it may complicate things unnecessarily and lead to mistakes. Last I checked in Ubuntu, both modules were enabled after installing Apache 2.4, which is why I had not really noticed this change until now.
We should now use the Require directive instead. I included a few examples below.
The following allows access from everywhere:
Order allow,deny
Allow from all
Is the equivalent of:
Require all granted
And the following denies access from everywhere:
Order deny,allow
Deny from all
Is the equivalent of:
Require all denied
Note. Require can be used inside Directory and Location blocks.
For some reason, Directory does not seem to work for sub-directories of a root directory, but Location does.
Only allow access from IP
If you want to only allow access to a folder from a specific IP, then you probably want to use the Location directive for sub-directories.
To limit access to http://example.com/phpmyadmin/ to a specific IP, try something like this:
<Location "/phpmyadmin/">
DirectoryIndex index.php
Require ip 127.0.0.1
</Location>
This will also restrict access to files and sub-directories in /phpmyadmin/ so that only the client with the 127.0.0.1 IP address is allowed. You should place this in your Virtual Host file, below Directory blocks (if any).
You can list multiple IPs by separating them with a space character:
Require ip 127.0.0.1 127.0.0.2 127.0.0.3
This is very useful if you only use phpMyAdmin for development purposes, and only developers need to have access.
Only allow access from local IPs
A really cool option for use with Require is called local; when used, only clients on the same LAN will be able to access the configured resource. E.g.:
Require local
This includes:
- 127.0.0.0/8
- ::1
- When the Client address is the same as the Server address.
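To find configurations that still carry the old directives, the following Python script (an added example, not part of the original article) reports every leftover Order, Allow and Deny line and every section that mixes them with Require, the combination discouraged above. The audit function, the sample configuration and the inclusion of Satisfy (another mod_access_compat directive the article does not mention) are assumptions of this example.

```python
import re

LEGACY = re.compile(r"^(Order|Allow|Deny|Satisfy)\b", re.I)  # mod_access_compat
REQUIRE = re.compile(r"^Require\b", re.I)                    # mod_authz_* style
OPEN = re.compile(r"^<\w+[^>]*>$")                           # e.g. <Location "/x">
CLOSE = re.compile(r"^</\w+\s*>$")
SUGGEST = {"allow from all": "Require all granted",          # mappings from the article
           "deny from all": "Require all denied"}

# Constructed sample configuration, not taken from a real server.
SAMPLE = """\
<Directory "/var/www/html">
    Order allow,deny
    Allow from all
</Directory>
<Location "/phpmyadmin/">
    Order deny,allow
    Deny from all
    Require ip 127.0.0.1
</Location>
"""

def audit(conf_text):
    """Return sorted (line_no, section, message) findings for one config text."""
    findings = []
    stack = [["(top level)", 0, False, False]]  # [name, line, has_legacy, has_require]
    def close_section():
        name, line_no, legacy, require = stack.pop()
        if legacy and require:
            findings.append((line_no, name, "mixes legacy directives with Require"))
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        if CLOSE.match(line) and len(stack) > 1:
            close_section()
        elif OPEN.match(line):
            stack.append([line, no, False, False])
        elif LEGACY.match(line):
            stack[-1][2] = True
            hint = SUGGEST.get(" ".join(line.lower().split()))
            findings.append((no, stack[-1][0], f"legacy: {line}" + (f" -> {hint}" if hint else "")))
        elif REQUIRE.match(line):
            stack[-1][3] = True
    while stack:  # also checks the top level and any unclosed sections
        close_section()
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

It reads one text at a time and does not follow Include directives, so pass each enabled site file to audit() separately.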