The Allow/Deny/Satisfy directives are potentially problematic if the corresponding Apache module isn't loaded.
Note: Satisfy lives outside of core in Apache 2.4.
(In ) refs #3129 - for Apache 2.2, it must be mod_authz_host.c (not mod_authz_host); also, we need to wrap it with !mod_access_compat as this module still exists in Apache 2.4 but Allow/Deny were moved to mod_access_compat
I still have this problem with Piwik 2.2.2 and Apache 2.4.
Tha automatically generated .htaccess is not valid. It gives the error
Invalid command 'Deny', perhaps misspelled or defined by a module not included in the server configuration
I found this workaround:
My .htaccess files look like this (I didn't care about finding a way to express this conditionnally):
<Files ~ "\.(php|php4|php5|inc|tpl|in|twig)$"> Require all denied </Files> <Files ~ "\.(test\.php|gif|ico|jpg|png|svg|js|css|swf)$"> Require all granted </Files>
These are the access/authenication modules that are installed:
The other day I stumbled upon this commit in phpbb: https://github.com/phpbb/phpbb/pull/2386/files#diff-f72a38c4bec79cc6ded3f8e435d6bd55L11
Maybe we could check out this one, and possibly how other popular open source projects have sorted their .htaccess so it works across all server configurations.