Apache 2.4 security stuff

My new server setup has mostly gone well, but I got tripped up by an error
authz_core client denied by server configuration

Turns out this is a change made between Apache 2.2 and 2.4. It’s reasonably well documented by Apache itself and this Stack Overflow post goes into more detail.

Long story short, for directories outside /var/www where I had some stuff stashed to load (namely CGI scripts), I had to Require all granted in Directory blocks for those oddball directories. I guess Apache moved to a “not allowed by default” model, which makes a lot of sense from a safety point of view.

Note that Munin in Ubuntu 14.04 has Apache 2.2 style config files, despite Apache 2.4 now being the default Ubuntu server. They have a bug tracking this.