diff options
Diffstat (limited to 'tags/a/apache2-deprecated-auth-config.tag')
| -rw-r--r-- | tags/a/apache2-deprecated-auth-config.tag | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/tags/a/apache2-deprecated-auth-config.tag b/tags/a/apache2-deprecated-auth-config.tag new file mode 100644 index 0000000..a60d581 --- /dev/null +++ b/tags/a/apache2-deprecated-auth-config.tag @@ -0,0 +1,15 @@ +Tag: apache2-deprecated-auth-config +Severity: warning +Check: apache2 +Explanation: The package is using some of the deprecated authentication configuration + directives Order, Satisfy, Allow, Deny, <Limit> or <LimitExcept> + . + These do not integrate well with the new authorization scheme of Apache + 2.4 and, in the case of <Limit> and <LimitExcept> have confusing + semantics. The configuration directives should be replaced with a suitable + combination of <RequireAll>, <RequireAny>, Require all, Require local, + Require ip, and Require method. + . + Alternatively, the offending lines can be wrapped between + <IfModule !mod_authz_core.c> ... </IfModule> or + <IfVersion < 2.3> ... </IfVersion> directives. |