I protect my HTTP(s) vhosts with geoIP
<Directory /srv/www/vhosts>
MaxMindDBEnable On
MaxMindDBFile DB /usr/local/share/maxminddb/GeoLite2-Country.mmdb
MaxMindDBEnv MM_COUNTRY_CODE DB/country/iso_code
SetEnvIf MM_COUNTRY_CODE ^(RU|CN|HK|IN) BlockCountry
Deny from env=BlockCountry
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
1.) Am I correct that I mix v2.2 Deny from env=BlockCountry and v2.4 Require all granted directives here.
If yes I searched the web to replace the Deny from env=BlockCountry with an apache2.4 alternative but cannot find one. How can I get rid of the old Deny directicve ?
2.) Am I correct that my GeoIP code in my apache2.conf works with this version inconsistent directives just by some "luck" , because I never set the order which rule ( Require or Deny ) comes first like I would do in v2.2 apache order allow deny
3.) Require env BlockCountry works but than all the blocked Countries have access and all the other not ( I test always with VPN )
So I tried Require not env BlockCountry but this leads to an error when I restart apache web server
You could negate your rule.
Instead of SetEnvIf MM_COUNTRY_CODE ^(RU|CN|HK|IN) BlockCountry Deny from env=BlockCountry
set. SetEnvIf MM_COUNTRY_CODE !^(RU|CN|HK|IN) AllowCountry Require env AllowCountry