apache2-deprecated-auth-config
The package is using some of the deprecated authentication configuration directives Order, Satisfy, Allow, Deny, <Limit> or <LimitExcept>
These do not integrate well with the new authorization scheme of Apache 2.4 and, in the case of <Limit> and <LimitExcept> have confusing semantics. The configuration directives should be replaced with a suitable combination of <RequireAll>, <RequireAny>, Require all, Require local, Require ip, and Require method.
Alternatively, the offending lines can be wrapped between <IfModule !mod_authz_core.c> ... </IfModule> or <IfVersion < 2.3> ... </IfVersion> directives.
| Severity: | warning |
| Experimental: | false |
See also
- list of all the affected packages
- the source of this tag