diff --git a/modules/services/web-servers/apache-httpd/default.nix b/modules/services/web-servers/apache-httpd/default.nix
index 05fada720ba..29a20cae162 100644
--- a/modules/services/web-servers/apache-httpd/default.nix
+++ b/modules/services/web-servers/apache-httpd/default.nix
@@ -116,6 +116,7 @@ let
]
++ optionals (!versionOlder httpd.version "2.4") [
"mpm_${mainCfg.multiProcessingModule}"
+ "authz_core"
"unixd"
]
++ (if mainCfg.multiProcessingModule == "prefork" then [ "cgi" ] else [ "cgid" ])
@@ -123,6 +124,21 @@ let
++ extraApacheModules;
+ allDenied = if versionOlder httpd.version "2.4" then ''
+ Order deny,allow
+ Deny from all
+ '' else ''
+ Require all denied
+ '';
+
+ allGranted = if versionOlder httpd.version "2.4" then ''
+ Order allow,deny
+ Allow from all
+ '' else ''
+ Require all granted
+ '';
+
+
loggingConf = ''
ErrorLog ${mainCfg.logDir}/error_log
@@ -191,8 +207,7 @@ let
Options Indexes FollowSymLinks
AllowOverride None
- Order allow,deny
- Allow from all
+ ${allGranted}
'';
@@ -246,12 +261,10 @@ let
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
- Order allow,deny
- Allow from all
+ ${allGranted}
- Order deny,allow
- Deny from all
+ ${allDenied}
@@ -273,8 +286,7 @@ let
Alias ${elem.urlPath} ${elem.dir}/
Options +Indexes
- Order allow,deny
- Allow from all
+ ${allGranted}
AllowOverride All
'';
@@ -326,8 +338,7 @@ let
AddHandler type-map var
- Order allow,deny
- Deny from all
+ ${allDenied}
${mimeConf}
@@ -345,16 +356,14 @@ let
Options FollowSymLinks
AllowOverride None
- Order deny,allow
- Deny from all
+ ${allDenied}
# But do allow access to files in the store so that we don't have
# to generate clauses for every generated file that we
# want to serve.
- Order allow,deny
- Allow from all
+ ${allGranted}
# Generate directives for the main server.