Overview: Migrating from Apache 2.2 to 2.4

We are starting to migrate our systems from Ubuntu 12.04 LTS to 14.04 LTS. 14.04 was released on April 17, 2014 and includes Apache 2.4 by default. We prefer a “physical” migration to a new VPS slice instead upgrading our existing server. As such, this post highlights the key peculiarities you need to be aware of when making the migration.

Several changes from a security standpoint have been implemented in Apache 2.4. A list of changes that may “break” your server when migrating from 2.2 to 2.4 is available on Apache’s upgrade docs. If you’re short on patience, scan Linode’s upgrade notes for an overview of what will break during migration.

For the purposes of our tutorials and courses, take note of the following updates which will break access control rules (e.g., IP filtering) as you migrate to Apache 2.4:

1. Virtual Host (v-host) File Naming Convention

V-host files in the must now use the .conf extension.

(see Linode knowledge base).

2. Allow, Deny Access Control Syntax is Deprecated

In Apache 2.2, access control based on client hostname, IP address, user agent, etc was done using the Allow and Deny directives. However, this is no longer the recommendation for Apache 2.4 onward. Nevertheless, to maintain compatibility with old configurations, it will still work correctly since the mod_access_compat module is provided.

From the Apache 2.4 access control docs:

The directives provided by mod_access_compat (e.g., allow, deny) have been deprecated by mod_authz_host. You should avoid using [allow, deny as well as] outdated tutorials recommending [its] use.