In older versions of apache, we had this, which worked fine: <LocationMatch "foo"> PerlAccessHandler MyStuff:: DoYouBelongHere AuthName "We do not want everyone coming here" AuthType Basic PerlAuthenHandler MyStuff:: PasswordAuth Require valid-user Satisfy any SetHandler modperl PerlResponseHandler MyStuff:: CoolContentHandler </LocationMatch> If the AccessHandler returned OK, then the user was permitted access, and the AuthenHandler was not consulted. In converting this to Apache 2.4 syntax, I tried this: <LocationMatch "foo"> <SatisfyAny> PerlAccessHandler MyStuff:: DoYouBelongHere AuthName "We do not want everyone coming here" AuthType Basic PerlAuthenHandler MyStuff:: PasswordAuth Require valid-user </SatisfyAny> SetHandler modperl PerlResponseHandler MyStuff:: CoolContentHandler </LocationMatch> but even when the AccessHandler returns OK, processing is passed on to the AuthenHandler and the user is prompted for a password (which the AccessHandler is intended to avoid when appropriate). So, I tried this: <LocationMatch "foo"> <SatisfyAny> <SatisfyAll> PerlAccessHandler MyStuff:: DoYouBelongHere </SatisfyAll> <SatisfyAll> AuthName "We do not want everyone coming here" AuthType Basic PerlAuthenHandler MyStuff:: PasswordAuth Require valid-user </SatisfyAll> </SatisfyAny> SetHandler modperl PerlResponseHandler MyStuff:: CoolContentHandler </LocationMatch> but that resulted in a syntax error when restarting apache: <RequireAll> directive contains no authorization directives (and it referenced the line where the first "RequireAll" appeared) So, clearly, the AccessHandler is not considered to be the same species of directive as the AuthenHandler or other directives which participate in "Satisfy" groupings. Since this worked wonderfully in older versions of Apache, there must be a way to tell Apache 2.4, "I want to use an AccessHandler to test conditions which might grant access without any input from the user. If that succeeds, let them in and forget any other authentication. If it does not succeed, then I have an AuthenHandler that I'd like to use to prompt them for a password." How can this be achieved in Apache 2.4? (By the way, the spaces after the double colons in Perl handler names were inserted here in order to avoid letters being converted into emoticons. Those spaces were not in my original code.)
I have found a solution to my problem. It seems that a solution to this is to combine all of the functionality into a single handler, call it the AccessHandler, give it an AuthName (even though it isn't an AuthenHandler, the AuthName will be needed if the handler ends up prompting for username/password), and leave out all of the <Require*> tags completely.