From 1f183bf997629cb7b4d1419a5de76854e4ed39e0 Mon Sep 17 00:00:00 2001
From: Sean Alexandre <sean@alexan.org>
Date: Tue, 29 Sep 2015 19:28:50 -0400
Subject: [PATCH] Changes Apache conf files to use new mod_authz_host syntax
 instead of Allow/Deny

Resolves Issue https://github.com/freedombox/Plinth/issues/171
"Update Apache auth config directives"
---
 .../apache2/conf-available/jwchat-plinth.conf |  2 +-
 data/etc/apache2/sites-available/plinth.conf  | 35 +++++++++++++------
 2 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/data/etc/apache2/conf-available/jwchat-plinth.conf b/data/etc/apache2/conf-available/jwchat-plinth.conf
index 8f98e2f94..b256b7c9c 100644
--- a/data/etc/apache2/conf-available/jwchat-plinth.conf
+++ b/data/etc/apache2/conf-available/jwchat-plinth.conf
@@ -8,5 +8,5 @@ Alias /jwchat /usr/share/jwchat/www
 ProxyPass /http-bind/ http://localhost:5280/http-bind/
 ProxyPassReverse /http-bind/ http://localhost:5280/http-bind/
 <Proxy http://localhost:5280/http-bind/*>
-    Allow from all
+    Require all granted
 </Proxy>
diff --git a/data/etc/apache2/sites-available/plinth.conf b/data/etc/apache2/sites-available/plinth.conf
index 8d1edf876..0adb68bba 100644
--- a/data/etc/apache2/sites-available/plinth.conf
+++ b/data/etc/apache2/sites-available/plinth.conf
@@ -13,14 +13,29 @@
     RequestHeader    set X-Forwarded-Proto 'https' env=HTTPS
 
     ## Allow traffic only from private networks
-    Order Deny,Allow
-    Deny from All
-    Allow from 127.0.0.0/8     # IPv4 local addresses
-    Allow from 169.254.0.0/16  # IPv4 link local addresses
-    Allow from 10.0.0.0/8      # IPv4 class A private addresses
-    Allow from 172.16.0.0/12   # IPv4 class B private addresses
-    Allow from 192.168.0.0/16  # IPv4 class C private addresses
-    Allow from ::1             # IPv6 local address
-    Allow from fe80::/10       # IPv6 link local addresses
-    Allow from fc00::/7        # IPv6 private addresses
+    <RequireAny>
+        ## IPv4 local addresses
+        Require ip 127.0.0.0/8
+
+        ## IPv4 link local addresses
+        Require ip 169.254.0.0/16
+
+        ## IPv4 class A private addresses
+        Require ip 10.0.0.0/8
+
+        ## IPv4 class B private addresses
+        Require ip 172.16.0.0/12
+
+        ## IPv4 class C private addresses
+        Require ip 192.168.0.0/16
+
+        ## IPv6 local address
+        Require ip ::1
+
+        ## IPv6 link local addresses
+        Require ip fe80::/10
+
+        ## IPv6 private addresses
+        Require ip fc00::/7
+    </RequireAny>
 </Location>