I've upgraded from Ubuntu 12.04 LTS to 14.04 LTS, and suddenly, my Apache 2.4 (previous: Apache 2.2) now lets everybody in to my virtual host, which is unfortunate :-).
What am I doing wrong? Anything with the Order/Allow lines? Any help is greatly appreciated!
Here's my current config:
    <VirtualHost *:443>
        DavLockDB /etc/apache2/var/DavLock
        ServerAdmin admin@mydomain.com
        ServerName foo.mydomain.com
        DocumentRoot /srv/www/foo
        Include ssl-vhosts.conf
        <Directory /srv/www/foo>
            Order allow,deny
            Allow from all
            Dav On
            Options FollowSymLinks Indexes
            AllowOverride None
            AuthBasicProvider ldap
            AuthType Basic
            AuthName "Domain foo"
            AuthLDAPURL "ldap://localhost:389/dc=mydomain,dc=com?uid" NONE
            AuthLDAPBindDN "cn=searchUser, dc=mydomain, dc=com"
            AuthLDAPBindPassword "ThisIsThePwd"
            require ldap-group cn=users,dc=mydomain,dc=com
            <FilesMatch '^\.[Dd][Ss]_[Ss]'>
                Order allow,deny
                Deny from all
            </FilesMatch>
            <FilesMatch '\.[Dd][Bb]'>
                Order allow,deny
                Deny from all
            </FilesMatch>
        </Directory>
        ErrorLog /var/log/apache2/error-foo.log
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        CustomLog /var/log/apache2/access-foo.log combined
    </VirtualHost>
Best Answer
Foiled by Chrome cache, even though I was using Private Browsing. Weird.
Access log told me I was actually pre-authenticated. So when using a browser I never use (IE), it popped up with an authenticate dialog. And succeeded on binding to LDAP server. Nice.
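The check the answer describes, reading the access log to see whether a served request carried an authenticated user, written out as an added example (not part of the original post). It assumes the `combined` log format used by the `CustomLog` line in the config above, where the third field (`%u`) is the authenticated user or `-`; the log lines and user names are constructed samples.

```python
import re
from collections import Counter

# Apache "combined": %h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
COMBINED = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines (not taken from the original post).
SAMPLE_LOG = """\
192.0.2.10 - - [12/May/2014:10:01:02 +0200] "GET / HTTP/1.1" 401 381 "-" "Mozilla/5.0"
192.0.2.10 - alice [12/May/2014:10:01:07 +0200] "GET / HTTP/1.1" 200 1534 "-" "Mozilla/5.0"
192.0.2.10 - alice [12/May/2014:10:01:09 +0200] "PROPFIND /docs/ HTTP/1.1" 207 912 "-" "Mozilla/5.0"
198.51.100.7 - - [12/May/2014:10:02:30 +0200] "GET /docs/report.pdf HTTP/1.1" 200 48211 "-" "curl/7.35.0"
198.51.100.7 - mallory [12/May/2014:10:02:41 +0200] "GET / HTTP/1.1" 401 381 "-" "curl/7.35.0"
not a log line
"""

def parse(lines):
    """Yield one dict per well-formed combined-format line; skip the rest."""
    for line in lines:
        m = COMBINED.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            yield rec

def audit(lines):
    """Split served (2xx/3xx) requests into authenticated and anonymous ones."""
    authenticated, anonymous, challenges = Counter(), [], 0
    for rec in parse(lines):
        if rec["status"] == 401:
            # On a 401 the %u value is only the attempted name, never trusted.
            challenges += 1
        elif 200 <= rec["status"] < 400:
            if rec["user"] == "-":
                anonymous.append((rec["host"], rec["request"]))
            else:
                authenticated[rec["user"]] += 1
    return {"authenticated": dict(authenticated),
            "anonymous": anonymous, "challenges": challenges}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG.splitlines()))
```

An empty `anonymous` list means every served request was tied to a user name, which is what a cached browser credential looks like in the log; any entry in that list is a response the `require` line did not protect.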