Summary of changes:
a) apache 2.4 compliant access control (old syntax requires compat module)
b) EnableSendfile now defaults to Off.
c) FileETag now defaults to "MTime Size" (without INode).
Also corrected typo: FileEtag -> FileETag
d) DefaultType no longer has any effect, other than to emit a warning.
e) LockFile directive has been replaced by Mutex directive.
f) SSLMutex directive has been replaced by Mutex directive.
g) MaxClients has been renamed to MaxRequestWorkers
h) NameVirtualHost directive no longer has any effect, other than to emit a warning.
Reasons for changes see:
http://httpd.apache.org/docs/2.4/upgrading.html
--- conf/httpd.conf 2012-02-12 23:31:57.000000000 +0100
+++ conf/httpd.conf 2012-07-22 04:12:51.932000083 +0200
@@ -36,6 +36,7 @@
# ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk. If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
+# Comment: The LockFile directive has been replaced by the Mutex directive
ServerRoot "/usr/lib/apache2"
# Dynamic Shared Object (DSO) Support
--- conf/modules.d/00_apache_manual.conf 2012-02-12 23:31:57.000000000 +0100
+++ conf/modules.d/00_apache_manual.conf 2012-07-22 04:12:51.932000083 +0200
@@ -8,8 +8,7 @@ AliasMatch ^/manual(?:/(?:de|en|es|fr|ja
Options Indexes
AllowOverride None
- Order allow,deny
- Allow from all
+ Require all granted
SetHandler type-map
--- conf/modules.d/00_default_settings.conf 2012-02-12 23:31:57.000000000 +0100
+++ conf/modules.d/00_default_settings.conf 2012-07-22 04:14:30.819995128 +0200
@@ -69,13 +69,13 @@ HostnameLookups Off
# filesystems or if support for these functions is otherwise
# broken on your system.
EnableMMAP On
-EnableSendfile On
+EnableSendfile Off
-# FileEtag: Configures the file attributes that are used to create
+# FileETag: Configures the file attributes that are used to create
# the ETag (entity tag) response header field when the document is
# based on a static file. (The ETag value is used in cache management
# to save network bandwidth.)
-FileEtag INode MTime Size
+FileETag MTime Size
# ContentDigest: This directive enables the generation of Content-MD5
# headers as defined in RFC1864 respectively RFC2616.
@@ -107,8 +107,7 @@ LogLevel warn
Options FollowSymLinks
AllowOverride None
- Order deny,allow
- Deny from all
+ Require all denied
# DirectoryIndex: sets the file that Apache will serve if a directory
@@ -127,8 +126,7 @@ LogLevel warn
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
- Order allow,deny
- Deny from all
+ Require all denied
# vim: ts=4 filetype=apache
--- conf/modules.d/00_error_documents.conf 2012-02-12 23:31:57.000000000 +0100
+++ conf/modules.d/00_error_documents.conf 2012-07-22 04:12:51.932000083 +0200
@@ -30,8 +30,7 @@ Alias /error/ "/usr/share/apache2/error/
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
- Order allow,deny
- Allow from all
+ Require all granted
LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
ForceLanguagePriority Prefer Fallback
--- conf/modules.d/00_mod_autoindex.conf 2012-02-12 23:31:57.000000000 +0100
+++ conf/modules.d/00_mod_autoindex.conf 2012-07-22 04:12:51.932000083 +0200
@@ -7,8 +7,7 @@ Alias /icons/ "/usr/share/apache2/icons/
Options Indexes MultiViews
AllowOverride None
- Order allow,deny
- Allow from all
+ Require all granted
--- conf/modules.d/00_mod_info.conf 2012-02-12 23:31:57.000000000 +0100
+++ conf/modules.d/00_mod_info.conf 2012-07-22 04:12:51.936000083 +0200
@@ -3,9 +3,7 @@
# http://servername/server-info
SetHandler server-info
- Order deny,allow
- Deny from all
- Allow from 127.0.0.1
+ Require host 127.0.0.1
--- conf/modules.d/00_mod_mime.conf 2012-02-12 23:31:57.000000000 +0100
+++ conf/modules.d/00_mod_mime.conf 2012-07-22 04:12:51.936000083 +0200
@@ -1,12 +1,3 @@
-# DefaultType: the default MIME type the server will use for a document
-# if it cannot otherwise determine one, such as from filename extensions.
-# If your server contains mostly text or HTML documents, "text/plain" is
-# a good value. If most of your content is binary, such as applications
-# or images, you may want to use "application/octet-stream" instead to
-# keep browsers from trying to display binary files as though they are
-# text.
-DefaultType text/plain
-
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
--- conf/modules.d/00_mod_status.conf 2012-02-12 23:31:57.000000000 +0100
+++ conf/modules.d/00_mod_status.conf 2012-07-22 04:12:51.936000083 +0200
@@ -3,9 +3,7 @@
# with the URL of http://servername/server-status
SetHandler server-status
- Order deny,allow
- Deny from all
- Allow from 127.0.0.1
+ Require host 127.0.0.1
# ExtendedStatus controls whether Apache will generate "full" status
--- conf/modules.d/00_mod_userdir.conf 2012-02-12 23:31:57.000000000 +0100
+++ conf/modules.d/00_mod_userdir.conf 2012-07-22 04:12:51.936000083 +0200
@@ -11,12 +11,10 @@ UserDir public_html
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
- Order allow,deny
- Allow from all
+ Require all granted
- Order deny,allow
- Deny from all
+ Require all denied
--- conf/modules.d/00_mpm.conf 2012-02-12 23:31:57.000000000 +0100
+++ conf/modules.d/00_mpm.conf 2012-07-22 04:12:51.936000083 +0200
@@ -7,7 +7,7 @@
PidFile /var/run/apache2.pid
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
-#LockFile /var/run/apache2.lock
+# Mutex file:/var/run/apache_mpm_mutex
# Only one of the below sections will be relevant on your
# installed httpd. Use "/usr/sbin/apache2 -l" to find out the
@@ -17,7 +17,7 @@ PidFile /var/run/apache2.pid
# These configuration directives apply to all MPMs
#
# StartServers: Number of child server processes created at startup
-# MaxClients: Maximum number of child processes to serve requests
+# MaxRequestWorkers: Maximum number of child processes to serve requests
# MaxRequestsPerChild: Limit on the number of requests that an individual child
# server will handle during its life
@@ -31,7 +31,7 @@ PidFile /var/run/apache2.pid
StartServers 5
MinSpareServers 5
MaxSpareServers 10
- MaxClients 150
+ MaxRequestWorkers 150
MaxRequestsPerChild 10000
@@ -46,7 +46,7 @@ PidFile /var/run/apache2.pid
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
- MaxClients 150
+ MaxRequestWorkers 150
MaxRequestsPerChild 10000
@@ -60,7 +60,7 @@ PidFile /var/run/apache2.pid
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
- MaxClients 150
+ MaxRequestWorkers 150
MaxRequestsPerChild 10000
@@ -76,7 +76,7 @@ PidFile /var/run/apache2.pid
MinSpareProcessors 2
MinProcessors 2
MaxProcessors 10
- MaxClients 150
+ MaxRequestWorkers 150
MaxRequestsPerChild 1000
ExpireTimeout 1800
@@ -92,7 +92,7 @@ PidFile /var/run/apache2.pid
StartServers 5
MinSpareServers 5
MaxSpareServers 10
- MaxClients 150
+ MaxRequestWorkers 150
MaxRequestsPerChild 10000
--- conf/modules.d/40_mod_ssl.conf 2012-02-12 23:31:57.000000000 +0100
+++ conf/modules.d/40_mod_ssl.conf 2012-07-22 04:12:51.940000083 +0200
@@ -57,7 +57,7 @@ SSLSessionCacheTimeout 300
## Semaphore:
# Configure the path to the mutual exclusion semaphore the SSL engine uses
# internally for inter-process synchronization.
-SSLMutex file:/var/run/ssl_mutex
+Mutex file:/var/run/apache_ssl_mutex ssl-cache
# vim: ts=4 filetype=apache
--- conf/modules.d/46_mod_ldap.conf 2012-02-12 23:31:57.000000000 +0100
+++ conf/modules.d/46_mod_ldap.conf 2012-07-22 04:12:51.940000083 +0200
@@ -11,9 +11,7 @@ LDAPOpCacheTTL 600
SetHandler ldap-status
- Order deny,allow
- Deny from all
- Allow from 127.0.0.1
+ Require host 127.0.0.1
--- conf/vhosts.d/00_default_vhost.conf 2012-02-12 23:31:57.000000000 +0100
+++ conf/vhosts.d/00_default_vhost.conf 2012-07-22 04:12:51.940000083 +0200
@@ -25,9 +25,6 @@
#Listen 12.34.56.78:80
Listen 80
-# Use name-based virtual hosting.
-NameVirtualHost *:80
-
# When virtual hosts are enabled, the main host defined in the default
# httpd.conf configuration will go away. We redefine it here so that it is
# still available.
--- conf/vhosts.d/default_vhost.include 2012-02-12 23:31:57.000000000 +0100
+++ conf/vhosts.d/default_vhost.include 2012-07-22 04:12:51.940000083 +0200
@@ -31,8 +31,7 @@ DocumentRoot "/var/www/localhost/htdocs"
AllowOverride All
# Controls who can get stuff from this server.
- Order allow,deny
- Allow from all
+ Require all granted
@@ -66,8 +65,7 @@ DocumentRoot "/var/www/localhost/htdocs"
AllowOverride None
Options None
- Order allow,deny
- Allow from all
+ Require all granted
# vim: ts=4 filetype=apache
--- docs/ip-based-vhost.conf.example 2012-02-12 23:31:57.000000000 +0100
+++ docs/ip-based-vhost.conf.example 2012-07-22 04:12:51.940000083 +0200
@@ -50,8 +50,7 @@
Options Indexes FollowSymLinks
AllowOverride None
- Order allow,deny
- Allow from all
+ Require all granted
@@ -65,8 +64,7 @@
#
# AllowOverride None
# Options None
- # Order allow,deny
- # Allow from all
+ # Require all granted
#
# If you have multiple users on this system, each with their own vhost,
@@ -88,8 +86,7 @@
# Options IncludesNoExec
# AddOutputFilter Includes html
# AddHandler type-map var
- # Order allow,deny
- # Allow from all
+ # Require all granted
#
#
@@ -100,8 +97,7 @@
#
# Options Indexes MultiViews
# AllowOverride None
- # Order allow,deny
- # Allow from all
+ # Require all granted
#
# Create a logfile for this vhost
--- docs/name-based-vhost.conf.example 2012-02-12 23:31:57.000000000 +0100
+++ docs/name-based-vhost.conf.example 2012-07-22 04:12:51.940000083 +0200
@@ -23,17 +23,8 @@
#
# If you want to use a defintion other then the default, you should remove
# -D DEFAULT_VHOST from APACHE2_OPTS in /etc/conf.d/apache2.
-#
-# All requests (on any IP address) to port 80 will be handled by Virtual Hosts
-# This is the default setting in Gentoo:
-#NameVirtualHost *:80
-#
-# Only requests on this IP address on port 80 will be handled by Virtual Hosts
-# (note: you may need to modify/add a Listen directive in httpd.conf)
-#NameVirtualHost 1.2.3.4:80
-# The actual virtual host definition. Note that the *:80 MUST match whatever
-# is set for NameVirtualHost
+# The actual virtual host definition.
# ServerName and ServerAlias are how the server determines which virtual
# host should be used.
@@ -70,8 +61,7 @@
Options Indexes FollowSymLinks
AllowOverride None
- Order allow,deny
- Allow from all
+ Require all granted
# By default cgi-bin points to the global cgi-bin in /var/www/localhost
@@ -84,8 +74,7 @@
#
# AllowOverride None
# Options None
- # Order allow,deny
- # Allow from all
+ # Require all granted
#
# If you have multiple users on this system, each with their own vhost,
@@ -107,8 +96,7 @@
# Options IncludesNoExec
# AddOutputFilter Includes html
# AddHandler type-map var
- # Order allow,deny
- # Allow from all
+ # Require all granted
#
#
@@ -119,8 +107,7 @@
#
# Options Indexes MultiViews
# AllowOverride None
- # Order allow,deny
- # Allow from all
+ # Require all granted
#
# Create a logfile for this vhost
--- docs/ssl-vhost.conf.example 2012-02-12 23:31:57.000000000 +0100
+++ docs/ssl-vhost.conf.example 2012-07-22 04:12:51.944000083 +0200
@@ -40,8 +40,7 @@
Options Indexes FollowSymLinks
AllowOverride None
- Order allow,deny
- Allow from all
+ Require all granted
# By default cgi-bin points to the global cgi-bin in /var/www/localhost
@@ -54,8 +53,7 @@
#
# AllowOverride None
# Options None
- # Order allow,deny
- # Allow from all
+ # Require all granted
#
# If you have multiple users on this system, each with their own vhost,
@@ -77,8 +75,7 @@
# Options IncludesNoExec
# AddOutputFilter Includes html
# AddHandler type-map var
- # Order allow,deny
- # Allow from all
+ # Require all granted
#
#
@@ -91,8 +88,7 @@
#
# Options Indexes MultiViews
# AllowOverride None
- # Order allow,deny
- # Allow from all
+ # Require all granted
#
# Create a logfile for this vhost
@@ -108,10 +104,6 @@
# If you want to force SSL for a virtualhost, you can uncomment this section
-# Make sure there is a proper NameVirtualHost already setup, if not, you
-# can uncomment this one. See name-based-vhost.conf.example for details.
-#NameVirtualHost *:80
-
# You can optionally use the IP address here instead, if you want every
# connection to this IP address to be forced to SSL
#