# [solved] Apache 2.4 00_default_settings.conf

## elmar283

I have installed a new version of appache2 version 2.4 on my Gentoo machine.

With the defaults I get an error message:

```
elmar@deepthought /etc $ sudo /etc/init.d/apache2 start

Password: 

 * Caching service dependencies ...                                                                                                                                                            [ ok ]

 * apache2 has detected an error in your setup:

AH00526: Syntax error on line 110 of /etc/apache2/modules.d/00_default_settings.conf:

Invalid command 'Require', perhaps misspelled or defined by a module not included in the server configuration

 * ERROR: apache2 failed to start

```

THe line 100 is:

```

<Directory />

        Options FollowSymLinks

        AllowOverride None

        Require all denied

</Directory>

```

What is wrong? 

Here are some config files:

```
elmar@deepthought /etc $ emerge --info

Portage 2.2.26 (python 2.7.10-final-0, hardened/linux/x86, gcc-4.9.3, glibc-2.22-r4, 4.4.8-hardened-r1 i686)

=================================================================

System uname: Linux-4.4.8-hardened-r1-i686-Genuine_Intel-R-_CPU_1300_@_1.66GHz-with-gentoo-2.2

KiB Mem:     2038624 total,    250132 free

KiB Swap:     524284 total,    498440 free

Timestamp of repository gentoo: Mon, 23 May 2016 00:50:01 +0000

sh bash 4.3_p42-r1

ld GNU ld (Gentoo 2.25.1 p1.1) 2.25.1

app-shells/bash:          4.3_p42-r1::gentoo

dev-lang/perl:            5.20.2::gentoo

dev-lang/python:          2.7.10-r1::gentoo, 3.4.3-r1::gentoo

dev-util/cmake:           3.3.1-r1::gentoo

dev-util/pkgconfig:       0.28-r2::gentoo

sys-apps/baselayout:      2.2::gentoo

sys-apps/openrc:          0.19.1::gentoo

sys-apps/sandbox:         2.10-r1::gentoo

sys-devel/autoconf:       2.69::gentoo

sys-devel/automake:       1.11.6-r1::gentoo, 1.14.1::gentoo, 1.15::gentoo

sys-devel/binutils:       2.25.1-r1::gentoo

sys-devel/gcc:            4.9.3::gentoo

sys-devel/gcc-config:     1.7.3::gentoo

sys-devel/libtool:        2.4.6::gentoo

sys-devel/make:           4.1-r1::gentoo

sys-kernel/linux-headers: 4.3::gentoo (virtual/os-headers)

sys-libs/glibc:           2.22-r4::gentoo

Repositories:

gentoo

    location: /usr/portage

    sync-type: rsync

    sync-uri: rsync://rsync.nl.gentoo.org/gentoo-portage

    priority: -1000

ACCEPT_KEYWORDS="x86"

ACCEPT_LICENSE="*"

CBUILD="i686-pc-linux-gnu"

CFLAGS="-march=native -O2 -pipe"

CHOST="i686-pc-linux-gnu"

CONFIG_PROTECT="/etc /var/bind"

CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.6/ext-active/ /etc/php/cgi-php5.6/ext-active/ /etc/php/cli-php5.6/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"

CXXFLAGS="-march=native -O2 -pipe"

DISTDIR="/usr/portage/distfiles"

FCFLAGS="-march=i686 -O2 -pipe"

FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"

FFLAGS="-march=i686 -O2 -pipe"

GENTOO_MIRRORS="http://mirror.leaseweb.com/gentoo/ rsync://mirror.leaseweb.com/gentoo/ ftp://mirror.leaseweb.com/gentoo/ http://gentoo.tiscali.nl/ ftp://gentoo.tiscali.nl/pub/mirror/gentoo/ http://ftp.snt.utwente.nl/pub/os/linux/gentoo rsync://ftp.snt.utwente.nl/gentoo ftp://ftp.snt.utwente.nl/pub/os/linux/gentoo"

LANG="C"

LDFLAGS="-Wl,-O1 -Wl,--as-needed"

MAKEOPTS="-j3"

PKGDIR="/usr/portage/packages"

PORTAGE_CONFIGROOT="/"

PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"

PORTAGE_TMPDIR="/var/tmp"

USE="acl acpi alsa apache2 apm authdaomond autoip avahi berkdb bzip2 cifs clamdtop cli cracklib crypt cups curl cxx dri dvd exif expat fbcon ffmpeg fpm fuse gd gdbm geoip gif gnutls gpm gs hardened iconv imagemagick imap inotify ipv6 jpeg jpeg2k libedit libnotify libwww lm_sensor lock maildir md5sum mmx modules mysql mysqli named ncurses nfs nfsv41 nls nptl ntp openmp openssl pam pax pax_kernel pcre pear perl pic pie pmu png postgres python samba sasl sdl seccomp session slang spamassassin spell sql sqlite sqlite2 sse sse2 ssl ssp tcpd tiff udev unicode urandom vda vhosts webkit x86 xattr xml xtpax zeropconf zip zlib" ABI_X86="32" ALSA_CARDS="hda-intel" APACHE2_MODULES="actions alias auth_basic auth_digest authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" APACHE2_MPMS="prefork" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2 sse3" CURL_SSL="openssl" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en nl" LIRC_DEVICES="macmini" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4" RUBY_TARGETS="ruby20 ruby21" USERLAND="GNU" VIDEO_CARDS="intel i915" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"

Unset:  CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
```

```
elmar@deepthought /etc $ cat /etc/conf.d/apache2 

# /etc/conf.d/apache2: config file for /etc/init.d/apache2

# When you install a module it is easy to activate or deactivate the modules

# and other features of apache using the APACHE2_OPTS line. Every module should

# install a configuration in /etc/apache2/modules.d. In that file will have an

# <IfDefine NNN> directive where NNN is the option to enable that module.

#

# Here are the options available in the default configuration:

#

#  AUTH_DIGEST  Enables mod_auth_digest

#  AUTHNZ_LDAP  Enables authentication through mod_ldap (available if USE=ldap)

#  CACHE        Enables mod_cache

#  DAV          Enables mod_dav

#  ERRORDOCS    Enables default error documents for many languages.

#  INFO         Enables mod_info, a useful module for debugging

#  LANGUAGE     Enables content-negotiation based on language and charset.

#  LDAP         Enables mod_ldap (available if USE=ldap)

#  MANUAL       Enables /manual/ to be the apache manual (available if USE=docs)

#  MEM_CACHE    Enables default configuration mod_mem_cache

#  PROXY        Enables mod_proxy

#  SSL          Enables SSL (available if USE=ssl)

#  STATUS       Enabled mod_status, a useful module for statistics

#  SUEXEC       Enables running CGI scripts (in USERDIR) through suexec.

#  USERDIR      Enables /~username mapping to /home/username/public_html

#

#

# The following two options provide the default virtual host for the HTTP and

# HTTPS protocol. YOU NEED TO ENABLE AT LEAST ONE OF THEM, otherwise apache

# will not listen for incomming connections on the approriate port.

#

#  DEFAULT_VHOST      Enables name-based virtual hosts, with the default

#                     virtual host being in /var/www/localhost/htdocs

#  SSL_DEFAULT_VHOST  Enables default vhost for SSL (you should enable this

#                     when you enable SSL)

#

APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE"

# Extended options for advanced uses of Apache ONLY

# You don't need to edit these unless you are doing crazy Apache stuff

# As not having them set correctly, or feeding in an incorrect configuration

# via them will result in Apache failing to start

# YOU HAVE BEEN WARNED.

# PID file

#PIDFILE=/var/run/apache2.pid

# timeout for startup/shutdown checks

#TIMEOUT=10

# ServerRoot setting

#SERVERROOT=/usr/lib/apache2

# Configuration file location

# - If this does NOT start with a '/', then it is treated relative to

# $SERVERROOT by Apache

#CONFIGFILE=/etc/apache2/httpd.conf

# Location to log startup errors to

# They are normally dumped to your terminal.

#STARTUPERRORLOG="/var/log/apache2/startuperror.log"

# A command that outputs a formatted text version of the HTML at the URL

# of the command line. Designed for lynx, however other programs may work.

#LYNX="lynx -dump"

# The URL to your server's mod_status status page.

# Required for status and fullstatus

#STATUSURL="http://localhost/server-status"

# Method to use when reloading the server

# Valid options are 'restart' and 'graceful'

# See http://httpd.apache.org/docs/2.2/stopping.html for information on

# what they do and how they differ.

#RELOAD_TYPE="graceful"
```

```
elmar@deepthought /etc $ cat /etc/portage/make.conf

# These settings were set by the catalyst build script that automatically

# built this stage.

# Please consult /usr/share/portage/config/make.conf.example for a more

# detailed example.

CFLAGS="-march=native -O2 -pipe"

CXXFLAGS="${CFLAGS}"

MAKEOPTS="-j3"

# WARNING: Changing your CHOST is not something that should be done lightly.

# Please consult http://www.gentoo.org/doc/en/change-chost.xml before changing.

CHOST="i686-pc-linux-gnu"

# These are the USE flags that were used in addition to what is provided by the

# profile used for building.

ALSA_CARDS="hda-intel"

VIDEO_CARDS="intel i915"

INPUT_DEVICES="evdev keyboard mouse"

LIRC_DEVICES="macmini"

ACCEPT_LICENSE="*"

#ACCEPT_KEYWORDS="~x86"

GENTOO_MIRRORS="http://mirror.leaseweb.com/gentoo/ rsync://mirror.leaseweb.com/gentoo/ ftp://mirror.leaseweb.com/gentoo/ http://gentoo.tiscali.nl/ ftp://gentoo.tiscali.nl/pub/mirror/gentoo/ http://ftp.snt.utwente.nl/pub/os/linux/gentoo rsync://ftp.snt.utwente.nl/gentoo ftp://ftp.snt.utwente.nl/pub/os/linux/gentoo"

CPU_FLAGS_X86="mmx mmxext sse sse2 sse3"

USE="acpi alsa apache2 apm authdaomond autoip avahi bzip2 cifs cups clamdtop curl crypt \

     dvd exif expat fbcon ffmpeg fpm fuse gd geoip gif gnutls gs -gtk -gtk3 gpm hardened inotify imagemagick imap inotify ipv6 \

     jpeg jpeg2k -kde -libav libedit libnotify libwww lock lm_sensor md5sum maildir -minimal mmx \

     mysql mysqli named nfs nfsv41 nls ntp openssl pam pax pear perl pcre pic pmu png postgres python \

     -readline samba sasl sdl slang spamassassin spell ssl sse sse2 sql sqlite sqlite2 tiff udev unicode \

     urandom vda vhosts webkit -X xml zeropconf zip -ppp"

APACHE2_MODULES="actions alias auth_basic auth_digest authn_alias authn_anon authn_dbm authn_default authn_file \

                 authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi \

                 cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers \

                 include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling \

                 status unique_id userdir usertrack vhost_alias"

APACHE2_MPMS="prefork"

PHP_TARGETS="php5_6"

PHP_TARGETS="php5-6"

PHP_INI_VERSION="production"

LANG=C 

LC_CTYPE="$LANG" 

LC_COLLATE="$LANG" 

LC_MESSAGES="$LANG" 

LINGUAS="en nl"

CURL_SSL="openssl"
```

```
elmar@deepthought /etc $ cat /etc/apache2/modules.d/00_default_settings.conf 

# This configuration file reflects default settings for Apache HTTP Server.

# You may change these, but chances are that you may not need to.

# Timeout: The number of seconds before receives and sends time out.

Timeout 300

# KeepAlive: Whether or not to allow persistent connections (more than

# one request per connection). Set to "Off" to deactivate.

KeepAlive On

# MaxKeepAliveRequests: The maximum number of requests to allow

# during a persistent connection. Set to 0 to allow an unlimited amount.

# We recommend you leave this number high, for maximum performance.

MaxKeepAliveRequests 100

# KeepAliveTimeout: Number of seconds to wait for the next request from the

# same client on the same connection.

KeepAliveTimeout 15

# UseCanonicalName: Determines how Apache constructs self-referencing

# URLs and the SERVER_NAME and SERVER_PORT variables.

# When set "Off", Apache will use the Hostname and Port supplied

# by the client.  When set "On", Apache will use the value of the

# ServerName directive.

UseCanonicalName Off

# AccessFileName: The name of the file to look for in each directory

# for additional configuration directives.  See also the AllowOverride

# directive.

AccessFileName .htaccess

# ServerTokens

# This directive configures what you return as the Server HTTP response

# Header. The default is 'Full' which sends information about the OS-Type

# and compiled in modules.

# Set to one of:  Full | OS | Minor | Minimal | Major | Prod

# where Full conveys the most information, and Prod the least.

ServerTokens Prod

# TraceEnable

# This directive overrides the behavior of TRACE for both the core server and

# mod_proxy. The default TraceEnable on permits TRACE requests per RFC 2616,

# which disallows any request body to accompany the request. TraceEnable off

# causes the core server and mod_proxy to return a 405 (Method not allowed)

# error to the client.

# For security reasons this is turned off by default. (bug #240680)

TraceEnable off

# Optionally add a line containing the server version and virtual host

# name to server-generated pages (internal error documents, FTP directory

# listings, mod_status and mod_info output etc., but not CGI generated

# documents or custom error documents).

# Set to "EMail" to also include a mailto: link to the ServerAdmin.

# Set to one of:  On | Off | EMail

ServerSignature On

# HostnameLookups: Log the names of clients or just their IP addresses

# e.g., www.apache.org (on) or 204.62.129.132 (off).

# The default is off because it'd be overall better for the net if people

# had to knowingly turn this feature on, since enabling it means that

# each client request will result in AT LEAST one lookup request to the

# nameserver.

HostnameLookups Off

# EnableMMAP and EnableSendfile: On systems that support it,

# memory-mapping or the sendfile syscall is used to deliver

# files.  This usually improves server performance, but must

# be turned off when serving from networked-mounted 

# filesystems or if support for these functions is otherwise

# broken on your system.

EnableMMAP On

EnableSendfile Off

# FileETag: Configures the file attributes that are used to create

# the ETag (entity tag) response header field when the document is

# based on a static file. (The ETag value is used in cache management

# to save network bandwidth.)

FileETag MTime Size

# ContentDigest: This directive enables the generation of Content-MD5

# headers as defined in RFC1864 respectively RFC2616.

# The Content-MD5 header provides an end-to-end message integrity

# check (MIC) of the entity-body. A proxy or client may check this

# header for detecting accidental modification of the entity-body

# in transit.

# Note that this can cause performance problems on your server since

# the message digest is computed on every request (the values are

# not cached).

# Content-MD5 is only sent for documents served by the core, and not

# by any module. For example, SSI documents, output from CGI scripts,

# and byte range responses do not have this header.

ContentDigest Off

# ErrorLog: The location of the error log file.

# If you do not specify an ErrorLog directive within a <VirtualHost>

# container, error messages relating to that virtual host will be

# logged here.  If you *do* define an error logfile for a <VirtualHost>

# container, that host's errors will be logged there and not here.

ErrorLog /var/log/apache2/error_log

# LogLevel: Control the number of messages logged to the error_log.

# Possible values include: debug, info, notice, warn, error, crit,

# alert, emerg.

LogLevel warn

# We configure the "default" to be a very restrictive set of features.

<Directory />

        Options FollowSymLinks

        AllowOverride None

        Require all denied

</Directory>

# DirectoryIndex: sets the file that Apache will serve if a directory

# is requested.

#

# The index.html.var file (a type-map) is used to deliver content-

# negotiated documents. The MultiViews Options can be used for the

# same purpose, but it is much slower.

#

# Do not change this entry unless you know what you are doing.

<IfModule dir_module>

        DirectoryIndex index.html index.html.var

</IfModule>

# The following lines prevent .htaccess and .htpasswd files from being

# viewed by Web clients.

<FilesMatch "^\.ht">

        Require all denied

</FilesMatch>

# vim: ts=4 filetype=apache
```

Last edited by elmar283 on Mon May 23, 2016 6:16 pm; edited 1 time in total

----------

## freke

Apache 2.4 works for me using the Require-directive, I think it requires authz_core and/or authz_host in APACHE2_MODULES though.

https://httpd.apache.org/docs/2.4/howto/access.html

Seeing you already have authz_host defined I'd suggest try adding authz_core.

----------

## elmar283

After adding 'authz_core' I get an other error message:

```
elmar@deepthought /etc $ sudo /etc/init.d/apache2 start

Password: 

 * Caching service dependencies ...                                                                                                                                                            [ ok ]

 * apache2 has detected an error in your setup:

AH00526: Syntax error on line 54 of /etc/apache2/modules.d/40_mod_ssl.conf:

SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).

 * ERROR: apache2 failed to start

```

This is on line 54:

```

SSLSessionCache                 shmcb:/run/ssl_scache(512000)
```

----------

## elmar283

I solved it:

```

* Warning: Critical module not installed!

 * Modules 'authn_core', 'authz_core' and 'unixd'

 * are highly recomended but might not be in the base profile yet.

 * Default config for ssl needs module 'socache_shmcb'.

 * Enabling the following flags is highly recommended:

 * + apache2_modules_authn_core
```

I still missed socache_shmcb.

Now it is working again.

----------

