I am no expert on apache conf files, but I am reasonably familiar with them. A security plugin I have installed on one of my wordpress sites (https://ithemes.com/security/) makes edits to an .htaccess files in order to enforce automated IP bans (for example, if you have too many failed login attempts in a short period of time). Here is the block that it generated: (xxx added by me for the IP address)
<IfModule mod_authz_core.c>
<RequireAll>
Require all granted
Require not env DenyAccess
Require not ip xxx.xxx.xxx.xxx
</RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from env=DenyAccess
Deny from xxx.xxx.xxx.xxx
Allow from all
</IfModule>
Now, this causes the site to bomb out with a 500 error. The error I get in my log is
Expected
</RequireAll>>but saw</RequireAll>
(Note the extra trailing >). And, lo and behold, if I add an extra >, the site works again.
What syntax rule is at play here? Why on earth do I need the extra > in a closing tag? Why would the (popular and genreally respected) plugin be generating an invalid .htaccess? Since this looks so wrong to me I’m inclined to believe I have some obscure server setting or an outdated apache or something causing this. Any insight would be much appreciated.
Using Apache/2.0.46
