File _patchinfo of Package patchinfo.2333
<patchinfo incident="2333"> <category>recommended</category> <rating>moderate</rating> <packager>draht</packager> <summary>apache2: revert last change about Require directive to avoid spurious 403</summary> <description> Apache was updated to revert last change about Require directive to avoid spurious 403 errors due to conflicts with Require vs. Deny/Allow. The problem: In /etc/apache2/httpd.conf, the permissions are set for "/" using &lt;Directory /&gt; ... Require all denied &lt;/Directory&gt;. This overrides all subsequent Allow/Deny directives that may be present in an older confguration and leads to a 403 unless configured otherwise with a further "Require all granted" down in a directory or vhost. This cannot be guaranteed, though, and numerous configurations also from add-ons that bring their own /etc/apache2/conf.d config file make use of the Deny/Allow directives. This looks like we'll stick with the compiled-in mod_access_compat for a while. [bnc#854263]</description> <issue tracker="bnc" id="854263"/> </patchinfo>
