AH00027: No authentication done error after upgrading from Apache 2.2 to 2.4
Solution 1
For someone who intercepts with the same problem, the solution in my case was to add the following line in the httpd.conf file:
LoadModule authn_core_module modules/mod_authn_core.so
Solution 2
I am not familiar with Cent OS default directory structure, but you will want to follow something like this:
<Directory />
Require all denied
AllowOverride None
Options None
</Directory>
<Directory /PATH ON SERVER TO YOUR DOCUMENT ROOT>
Require all granted
AllowOverride All
Options FollowSymLinks
</Directory>
To use the Apache 2.4 directives, you will need to load mod_authz_core
LoadModule authz_core_module modules/mod_authz_core.so
If you don't have any other old (i.e. Order, Allow, Deny, and Satisfy) access control directives, comment out the access_compat module:
#LoadModule access_compat_module modules/mod_access_compat.so
If you do have other instances of the old 2.2 access control, update them if at all possible to use the Apache 2.4 Require directive, or similar Apache 2.4 authentication directives. It is not a good idea to mix the old and the new. As noted in the documentation, "unpredictable" results can occur.
Related videos on Youtube
Spaniard89
Updated on September 18, 2022Comments
-
Spaniard89 over 1 year
I recently updated Apache on Cent OS 7 from 2.2 to 2.4 and after the update I am not able to access the root folder,
I get the following error:
[Fri Apr 29 16:30:19.977037 2016] [core:error] [pid 32095] [client 10.211.55.1:44429] AH00027: No authentication done but request not allowed without authentication for /. Authentication not configured?
As mentioned here in the Authorization section you can still use old directives Order, Allow, Deny, and Satisfy by loading the module (Which I loaded obviously):
LoadModule access_compat_module modules/mod_access_compat.so
My Directory directive is as follow:
<Directory /> Options FollowSymLinks AllowOverride All </Directory>
I am not really sure what the problem might be, I would really appreciate some help here.
-
Colt about 8 yearsThis allows access to the whole server. Probably not a good idea.
-
Spaniard89 about 8 yearsThanks for the prompt update, I added these configuration changes and now the HTTPD is failing to start. I get the following the error while starting it:
May 02 10:12:01 dealdays-www-1a.vagrant.loc.vag httpd[32592]: AH00526: Syntax error on line 104 of /etc/httpd/conf/httpd.conf: May 02 10:12:01 dealdays-www-1a.vagrant.loc.vag httpd[32592]: Invalid command 'Require', perhaps misspelled or defined by a module not in...ration
May 02 10:12:01 dealdays-www-1a.vagrant.loc.vag systemd[1]: httpd.service: control process exited, code=exited status=1 . -
Spaniard89 about 8 yearsIf you are interested in the my conf file, you can find it here: pastebin.com/Yg4yh0uc
-
3ventic about 8 years@Colt, true, your way is much better.
-
3ventic about 8 yearsMake sure you have the module "authz_core_module" loaded.
-
Colt about 8 yearsYour install appears to use nonstandard names for modules. It looks like the
authz_core_module
is probably loaded withLoadModule authz_default_module modules/mod_authz_default.so
-
Colt about 8 yearsAlso, if you have
apache2ctl
available, the commandapache2ctl -t
checks your configuration before attempting start/restart. Can save a lot of headaches. -
Colt about 8 yearsFinally, in the "upgrading" document I note about 7 warnings against mixing old and new directives, ending with comment by Apache contributor "
mod_access_compat
only works if you don't mixAllow
andRequire
directives." If you are going to upgrade, you need to upgrade, which means using the "upgrade" document to help you fix your "old" configuration files or write new ones. -
Spaniard89 about 8 years@Colt thanks a lot for the help, the problem was gone when I added:
LoadModule authn_core_module modules/mod_authn_core.so
in the configuration file. I am not mixing the older directive and new directives. I am gonna stick to the older ones.