Allow multiple IPs with the Require directive in Apache 2.4


I am migrating from Apache 2.2 to 2.4, and would like to prefer the use of "Require" than the now discouraged use of Allow, Deny.

My question: How can I allow access from a set of IP addresses or ranges, by having one address/range per line in the configuration file?

With Apache 2.2, I used:

Order deny,allow
Deny from all
Allow from 2001:1000:2000::1/64
Allow from
Allow from

How would that translate to the new access control syntax?

Best Answer

The upgrading documentation has clear information on how to do this. It is also something that should be read in case any other configuration changes are required:

Also you do not need to put different IP addresses or networks on separate lines. It is perfectly acceptable to do the following:

# Apache v2.2
Allow from
# Apache v2.4
Require ip

Finally, the default is for multiple require directives to be treated as if they are in a <RequireAny> block, so unless you are forming a more complex nested grouping you do not need to add it. Though you may wish to for clarify of course. Reference:

Additional Information: One other thought is that when upgrading you should definitely go through all your configuration (including any htaccess files you might have) and convert the older Apache v2.2 directives to the Apache v2.4 ones, and then comment out the loading of the mod_access_compat module. Mixing v2.2 and v.24 directives can cause some very unusual problems that are hard to troubleshoot.