From 460775670a3297c0850fda53c82af2d3272ce827 Mon Sep 17 00:00:00 2001
From: Phil Fenstermacher <pcfens@wm.edu>
Date: Mon, 2 Jun 2014 13:27:02 -0400
Subject: [PATCH] Add better native support for Apache 2.4 when
 mod_access_compat isn't installed/enabled

---
 manifests/mod/ldap.pp            |  6 ++++--
 manifests/mod/pagespeed.pp       |  1 +
 manifests/mod/proxy.pp           |  3 ++-
 manifests/mod/status.pp          |  3 ++-
 manifests/mod/userdir.pp         |  3 ++-
 templates/mod/ldap.conf.erb      |  4 ++++
 templates/mod/pagespeed.conf.erb | 35 +++++++++++++++-----------------
 templates/mod/proxy.conf.erb     |  4 ++++
 templates/mod/status.conf.erb    |  4 ++++
 templates/mod/userdir.conf.erb   | 12 +++++++++--
 10 files changed, 49 insertions(+), 26 deletions(-)

diff --git a/manifests/mod/ldap.pp b/manifests/mod/ldap.pp
index f489291a2..d3b17ff5b 100644
--- a/manifests/mod/ldap.pp
+++ b/manifests/mod/ldap.pp
@@ -1,6 +1,8 @@
-class apache::mod::ldap {
+class apache::mod::ldap (
+  $apache_version = $::apache::apache_version,
+){
   ::apache::mod { 'ldap': }
-  # Template uses no variables
+  # Template uses $apache_version
   file { 'ldap.conf':
     ensure  => file,
     path    => "${::apache::mod_dir}/ldap.conf",
diff --git a/manifests/mod/pagespeed.pp b/manifests/mod/pagespeed.pp
index f4827c22a..8c1c03bd5 100644
--- a/manifests/mod/pagespeed.pp
+++ b/manifests/mod/pagespeed.pp
@@ -32,6 +32,7 @@
   $allow_pagespeed_message       = [],
   $message_buffer_size           = 100000,
   $additional_configuration      = {},
+  $apache_version                = $::apache::apache_version,
 ){
 
   $_lib = $::apache::apache_version ? {
diff --git a/manifests/mod/proxy.pp b/manifests/mod/proxy.pp
index b6c0d6df7..03c1e78c9 100644
--- a/manifests/mod/proxy.pp
+++ b/manifests/mod/proxy.pp
@@ -1,9 +1,10 @@
 class apache::mod::proxy (
   $proxy_requests = 'Off',
   $allow_from = undef,
+  $apache_version = $::apache::apache_version,
 ) {
   ::apache::mod { 'proxy': }
-  # Template uses $proxy_requests
+  # Template uses $proxy_requests, $apache_version
   file { 'proxy.conf':
     ensure  => file,
     path    => "${::apache::mod_dir}/proxy.conf",
diff --git a/manifests/mod/status.pp b/manifests/mod/status.pp
index fdaba4b07..cfab5d58e 100644
--- a/manifests/mod/status.pp
+++ b/manifests/mod/status.pp
@@ -26,11 +26,12 @@
 class apache::mod::status (
   $allow_from      = ['127.0.0.1','::1'],
   $extended_status = 'On',
+  $apache_version = $::apache::apache_version,
 ){
   validate_array($allow_from)
   validate_re(downcase($extended_status), '^(on|off)$', "${extended_status} is not supported for extended_status.  Allowed values are 'On' and 'Off'.")
   ::apache::mod { 'status': }
-  # Template uses $allow_from, $extended_status
+  # Template uses $allow_from, $extended_status, $apache_version
   file { 'status.conf':
     ensure  => file,
     path    => "${::apache::mod_dir}/status.conf",
diff --git a/manifests/mod/userdir.pp b/manifests/mod/userdir.pp
index 27af54c66..accfe64a7 100644
--- a/manifests/mod/userdir.pp
+++ b/manifests/mod/userdir.pp
@@ -2,10 +2,11 @@
   $home = '/home',
   $dir = 'public_html',
   $disable_root = true,
+  $apache_version = $::apache::apache_version,
 ) {
   ::apache::mod { 'userdir': }
 
-  # Template uses $home, $dir, $disable_root
+  # Template uses $home, $dir, $disable_root, $apache_version
   file { 'userdir.conf':
     ensure  => file,
     path    => "${::apache::mod_dir}/userdir.conf",
diff --git a/templates/mod/ldap.conf.erb b/templates/mod/ldap.conf.erb
index 14f33ab2b..001977617 100644
--- a/templates/mod/ldap.conf.erb
+++ b/templates/mod/ldap.conf.erb
@@ -1,7 +1,11 @@
 <Location /ldap-status>
     SetHandler ldap-status
+    <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+    Require ip 127.0.0.1 ::1
+    <%- else -%>
     Order deny,allow
     Deny from all
     Allow from 127.0.0.1 ::1
     Satisfy all
+    <%- end -%>
 </Location>
diff --git a/templates/mod/pagespeed.conf.erb b/templates/mod/pagespeed.conf.erb
index 3bbf7f29b..a4d8a7220 100644
--- a/templates/mod/pagespeed.conf.erb
+++ b/templates/mod/pagespeed.conf.erb
@@ -54,7 +54,6 @@ ModPagespeedNumExpensiveRewriteThreads <%= @num_expensive_rewrite_threads %>
 ModPagespeedStatistics <%= @collect_statistics %>
 
 <Location /mod_pagespeed_statistics>
-    Order allow,deny
     # You may insert other "Allow from" lines to add hosts you want to
     # allow to look at generated statistics.  Another possibility is
     # to comment out the "Order" and "Allow" options from the config
@@ -62,37 +61,35 @@ ModPagespeedStatistics <%= @collect_statistics %>
     # statistics.  This might be appropriate in an experimental setup or
     # if the Apache server is protected by a reverse proxy that will
     # filter URLs in some fashion.
-    Allow from localhost
-    Allow from 127.0.0.1
-    Allow from ::1
-    <% @allow_view_stats.each do |host| -%>
-    Allow from <%= host %>
-    <% end -%>
+    <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+    Require ip 127.0.0.1 ::1 <%= Array(@allow_view_stats).join(" ") %>
+    <%- else -%>
+    Order allow,deny
+    Allow from 127.0.0.1 ::1 <%= Array(@allow_view_stats).join(" ") %>
+    <%- end -%>
     SetHandler mod_pagespeed_statistics
 </Location>
 
 ModPagespeedStatisticsLogging <%= @statistics_logging %>
 <Location /pagespeed_console>
+    <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+    Require ip 127.0.0.1 ::1 <%= Array(@allow_pagespeed_console).join(" ") %>
+    <%- else -%>
     Order allow,deny
-    Allow from localhost
-    Allow from 127.0.0.1
-    Allow from ::1
-    <% @allow_pagespeed_console.each do |host| -%>
-    Allow from <%= host %>
-    <% end -%>
+    Allow from 127.0.0.1 ::1 <%= Array(@allow_pagespeed_console).join(" ") %>
+    <%- end -%>
     SetHandler pagespeed_console
 </Location>
 
 ModPagespeedMessageBufferSize <%= @message_buffer_size %>
 
 <Location /mod_pagespeed_message>
+    <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+    Require ip 127.0.0.1 ::1 <%= Array(@allow_pagespeed_message).join(" ") %>
+    <%- else -%>
     Order allow,deny
-    Allow from localhost
-    Allow from 127.0.0.1
-    Allow from ::1
-    <% @allow_pagespeed_message.each do |host| -%>
-    Allow from <%= host %>
-    <% end -%>
+    Allow from 127.0.0.1 ::1 <%= Array(@allow_pagespeed_message).join(" ") %>
+    <%- end -%>
     SetHandler mod_pagespeed_message
 </Location>
 
diff --git a/templates/mod/proxy.conf.erb b/templates/mod/proxy.conf.erb
index 1f4a4129c..5ea829eeb 100644
--- a/templates/mod/proxy.conf.erb
+++ b/templates/mod/proxy.conf.erb
@@ -10,9 +10,13 @@
 
   <% if @proxy_requests != 'Off' or ( @allow_from and ! @allow_from.empty? ) -%>
   <Proxy *>
+    <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+    Require ip <%= Array(@allow_from).join(" ") %>
+    <%- else -%>
     Order deny,allow
     Deny from all
     Allow from <%= Array(@allow_from).join(" ") %>
+    <%- end -%>
   </Proxy>
   <% end -%>
 
diff --git a/templates/mod/status.conf.erb b/templates/mod/status.conf.erb
index c00c16a78..84f2e0343 100644
--- a/templates/mod/status.conf.erb
+++ b/templates/mod/status.conf.erb
@@ -1,8 +1,12 @@
 <Location /server-status>
     SetHandler server-status
+    <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+    Require ip <%= Array(@allow_from).join(" ") %>
+    <%- else -%>
     Order deny,allow
     Deny from all
     Allow from <%= Array(@allow_from).join(" ") %>
+    <%- end -%>
 </Location>
 ExtendedStatus <%= @extended_status %>
 
diff --git a/templates/mod/userdir.conf.erb b/templates/mod/userdir.conf.erb
index e4c6ba55d..add525d5e 100644
--- a/templates/mod/userdir.conf.erb
+++ b/templates/mod/userdir.conf.erb
@@ -8,12 +8,20 @@
     AllowOverride FileInfo AuthConfig Limit Indexes
     Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
     <Limit GET POST OPTIONS>
+      <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+      Require all denied
+      <%- else -%>
       Order allow,deny
       Allow from all
+      <%- end -%>
     </Limit>
     <LimitExcept GET POST OPTIONS>
-      Order deny,allow
-      Deny from all
+      <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+      Require all denied
+      <%- else -%>
+      Order allow,deny
+      Allow from all
+      <%- end -%>
     </LimitExcept>
   </Directory>
 </IfModule>