An application running an old PHP version is probably also running on the Apache 2.2 web server.
The Apache 2.2 configuration syntax differs from that of Apache 2.4+, which our platform runs on.
This is especially true when it comes to access control.
Apache authorization directives define what an authenticated user can do, and which operations or access should be allowed.
In 2.2, access control is based on the client hostname, IP address, etc., using the directives Order, Allow, Deny, and Satisfy.
In 2.4, such access control is done using the new module mod_authz_host.
Authorization can be based not only on the user or group itself, but also on other factors, using env, host, or ip, or the catch-all value all.
- all: matches all traffic. It is useful for setting default values.
- env: whether an environment variable is set.
- host: test the hostname of a connecting client.
- ip: test the IP address of the connecting user.
These can be controlled based on the order in which they are specified.
You will usually see them inside of one of these special blocks:
- RequireAll: all of the authorization requirements in the block must be fulfilled to allow access.
- RequireAny: if any of the authorization requirements in this block are met, this block is marked as satisfied.
- RequireNone: if any of the requirements listed succeed, the directive will fail.
These authorization blocks are much easier to understand than the classic directives that were used for access control.
.htaccess is the file that allows you to set server configurations for a specific directory.
It is common to place a .htaccess file in a site's root directory e.g. /public_html.
This configures the webserver for the entire website.
To see all the .htaccess files present on your account:
Log in to your cPanel.
Scroll down to the Advanced section and click on Terminal for cPanel.
Accept the warning notice "I understand and want to proceed" and click to proceed.
Type in the next command:
find . -name .htaccess
This will list all .htaccess files on the account.
To edit a file, open it in a text editor:
nano public_html/.htaccess
Or change into the folder containing the .htaccess:
cd public_html
nano .htaccess
nano is shown here; in its place you can use vi, vim, or any other screen-based text editor you are comfortable with.
Make the necessary changes. How you save depends on the text editor. In vi or vim, save and exit with:
:wq
Or discard changes with:
:q!
In nano, press Ctrl+O to save and Ctrl+X to exit.
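To locate the php_value and php_flag settings so that you can remove them from the .htaccess files, use the following commands, which print the file name and line number of each match: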
find /home -type f -name '.htaccess' -exec grep -Hrn 'php_value' '{}' \;
find /home -type f -name '.htaccess' -exec grep -Hrn 'php_flag' '{}' \;
If you are not familiar with or not comfortable performing tasks via the command line, then please use cPanel's File Manager, available in the Files section.
In the examples below, using the following configuration may resolve the issue:
FROM Apache 2.2:
Order deny,allow
Deny from all
TO Apache 2.4:
Require all denied
FROM Apache 2.2:
Order allow,deny
Allow from all
TO Apache 2.4:
Require all granted
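If you want to block an IP and you know the specific IP address, you can use something like the block below, replacing the placeholder address with the real one. The negated rule has to sit inside a RequireAll block:
<RequireAll>
Require all granted
Require not ip 123.456.78.165
</RequireAll>
Anyone connecting from 123.456.78.165 will not be able to see the content covered by this directive.
If you don't know the IP address but know the domain, use this line in place of the Require not ip line:
Require not host $badDomain.com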
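The following is an added example, not part of the original article. It is a POSIX shell function that extends the find/grep commands above to also flag Apache 2.2 Order, Allow, Deny and Satisfy lines. It suggests a 2.4 replacement only for the two whole-file patterns mapped above and leaves everything else for manual review. The function name scan_htaccess and its output format are assumptions.

```sh
#!/bin/sh
# Added example: report Apache 2.2 access-control directives and
# php_value/php_flag lines in every .htaccess file under a directory.
# scan_htaccess and its output format are assumptions made for this example.
scan_htaccess() {
    find "${1:-.}" -type f -name '.htaccess' -exec awk '
        # Print one finding as path:line: [kind] original text
        function hit(kind) { printf "%s:%d: [%s] %s\n", FILENAME, FNR, kind, $0 }
        # Per-file suggestion. Only the two patterns the article maps are
        # translated; any other combination is left for manual review.
        function verdict(   s) {
            if (acl) {
                s = "manual review"
                if (acl == 2 && order == "deny,allow" && rule == "deny from all")
                    s = "Require all denied"
                if (acl == 2 && order == "allow,deny" && rule == "allow from all")
                    s = "Require all granted"
                printf "%s: suggest: %s\n", prev, s
            }
            acl = 0; order = ""; rule = ""
        }
        FNR == 1 { if (NR > 1) verdict(); prev = FILENAME }
        {   # Normalise: lower-case, trim, collapse runs of whitespace
            l = tolower($0)
            gsub(/^[ \t]+|[ \t\r]+$/, "", l); gsub(/[ \t]+/, " ", l)
        }
        l ~ /^php_(value|flag) /  { hit("php-setting") }
        l ~ /^order /             { acl++; order = substr(l, 7); hit("2.2-acl") }
        l ~ /^(allow|deny) from / { acl++; rule = l; hit("2.2-acl") }
        l ~ /^satisfy /           { acl += 10; hit("2.2-acl") }
        END { if (NR) verdict() }
    ' {} +
}

# With "demo", scan a constructed sample file; otherwise scan the given path.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    printf 'Order deny,allow\nDeny from all\n' > "$d/.htaccess"
    scan_htaccess "$d"; rm -rf "$d"
elif [ "$#" -gt 0 ]; then
    scan_htaccess "$1"
fi
```

Files that mix Allow and Deny rules, use Satisfy, or contain more than one Order line are reported as "manual review", because their 2.4 equivalent depends on the evaluation order of the original rules.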