apache2-deprecated-auth-config

The package is using some of the deprecated authentication configuration directives Order, Satisfy, Allow, Deny, <Limit> or <LimitExcept>

These do not integrate well with the new authorization scheme of Apache 2.4 and, in the case of <Limit> and <LimitExcept> have confusing semantics. The configuration directives should be replaced with a suitable combination of <RequireAll>, <RequireAny>, Require all, Require local, Require ip, and Require method.

Alternatively, the offending lines can be wrapped between <IfModule !mod_authz_core.c> ... </IfModule> or <IfVersion < 2.3> ... </IfVersion> directives.

The tag is present in Lintian version 2.114.163. That is the most recent version we know about.

We use semantic versions. The patch number is a commit step indicator relative to the 2.111.0 release tag in our Git repository.

You can find the detection logic for this version at commit ce6249d. For merge requests, please use the latest version in the Lintian check apache2.

Visibility: warning

The following 6 source packages in the archive triggered the tag 13 times (in any Lintian version).

There were no overrides.

libapache-mod-musicindex

Allow [etc/apache2/mods-available/musicindex.conf:4]
Order [etc/apache2/mods-available/musicindex.conf:3]

linkchecker

Allow [etc/apache2/conf-available/linkchecker-web.conf:15]
Allow [etc/apache2/conf-available/linkchecker-web.conf:20]
Deny [etc/apache2/conf-available/linkchecker-web.conf:14]
Order [etc/apache2/conf-available/linkchecker-web.conf:13]

ocsinventory-server

Allow [etc/apache2/conf-available/ocsinventory-reports.conf:33]
Order [etc/apache2/conf-available/ocsinventory-reports.conf:32]

otrs2

Allow [etc/apache2/conf-available/otrs2.conf:31]
Order [etc/apache2/conf-available/otrs2.conf:30]

restfuldb

Satisfy [etc/apache2/conf-available/restfuldb.conf:42]

xymon

Allow [etc/apache2/conf-available/xymon.conf:23]
Order [etc/apache2/conf-available/xymon.conf:22]