openSUSE 13.1 and Apache 2.4
openSUSE 13.1's Apache currently has a bug that affects ISPConfig: https://bugzilla.novell.com/show_bug.cgi?id=855049
Summary: mod_authz_compat prefers the old "Allow/Deny" syntax over the new "Require" syntax. openSUSE has the following block in its default httpd.conf:Options None AllowOverride None Order deny,allow Deny from all
The "Deny from all" gets absolute priority over any "Require ... granted" directives that are defined for subdirectories of "/". This means that the "Require"s in ispconfig.vhost are effectively overridden, unless httpd.conf is changed to look as follows:Options None AllowOverride None Require all denied
Maybe someone will fix mod_authz_compat to treat both directives with the same priority, but that might take some time. If ISPConfig will be released before that happens, I guess a big warning should be placed in the release notes. Alternatively, Apache could be treated as if it were still 2.2, but that might have other unintended side-effects.