The issue linked with this PR #333 is still not recreated, that issue might have occurred due to some other reason
Meanwhile, this PR is resolving another issue so it needs some changes before merging into QloApps.
The PR addresses the new configuration directives used in apache 2.4 and updates the google fonts access protocol so please update the title accordingly.
Also, unlink the PR with issue #333.

Changes :

• .htaccess should use mod_authz_host instead of mod_access_compat as mod_access_compat has been depricated

  • Preferably like:

    <IfVersion < 2.4>
        Order deny,allow
        Deny from all
    </IfVersion>
    <IfVersion >= 2.4>
        <IfModule mod_authz_host.c>
            Require all denied
        </IfModule>
        <IfModule !mod_authz_host.c>
            Order deny,allow
            Deny from all
        </IfModule>
    </IfVersion>
    

• we have used php_flag engine off, instead we should not use this as it destroy the whole purpose of redirection using index.php, should be removed from /img/cms/ and /upload/ directory

@computersalat
The issue was recreated in openSUSE 15.3.
Update the given changes so that we can merge PR.

Changes
.htaccess should use mod_authz_host instead of mod_access_compat as mod_access_compat has been deprecated.
Apache version comparison is not required as the module can define which method to use. Only use the following code:

<IfModule mod_authz_host.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_host.c>
    Order deny,allow
    Deny from all
</IfModule>

@computersalat The issue was recreated in openSUSE 15.3. Update the given changes so that we can merge PR.

Changes .htaccess should use mod_authz_host instead of mod_access_compat as mod_access_compat has been deprecated. Apache version comparison is not required as the module can define which method to use. Only use the following code:

<IfModule mod_authz_host.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_host.c>
    Order deny,allow
    Deny from all
</IfModule>

Sorry, but your proposal is just wrong. You did definitly NOT understand the migration of directives from Apache 2.2 to 2.4.
The absence of mod_authz_host does not define to be on Apache 2.4.
mod_access_compat was introduced with apache 2.3 to keep OLD mod_authz_host directives (Order) without the need to change to the NEW mod_authz_host directives (Require).
On Apache 2.2: mod_authz_host is using the Order directive.
See also:
https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html
On Apache 2.4: mod_authz_host is using the Require directive.
See also:
https://httpd.apache.org/docs/2.4/mod/mod_authz_host.html

So if you want a working solution that can still be used on OLD Apache 2.2 as well as on Apache 2.4 then just take my PR as is.
If you want a correct and working solution only for Apache 2.4 convert all your OLD Order directives to the NEW Require directive.

If you still don't understand then just close this PR. I am tired.

@computersalat

We have checked the issue does occur in openSESU 15.3 but it took some time to recreate the issue as the complete steps were not clear on how the recreate the issue and the testing environment.

The "mod_access_compat" directives have been deprecated in apache 2.4 by "mod_authz_host".
Please see the warning in https://httpd.apache.org/docs/2.4/mod/mod_access_compat.html
So it is now encouraged to use mod_authz_host.

we need the code that is being merged with QloApps to be of the correct standard.
Please update the PR, we are waiting.

@shreesh-webkul

You still didn't answer the question about what you want.
Read my previous comment carefully and answer the question for yourself.
If you know what you want then proceed as proposed.

@shreesh-webkul
All your .htaccess files consists of the OLD Order Directives that should be used by Apache 2.2.

Note

The directives provided by [mod_access_compat](https://httpd.apache.org/docs/2.4/mod/mod_access_compat.html) have been deprecated by [mod_authz_host](https://httpd.apache.org/docs/2.4/mod/mod_authz_host.html).
Mixing old directives like [Order](https://httpd.apache.org/docs/2.4/mod/mod_access_compat.html#order), [Allow](https://httpd.apache.org/docs/2.4/mod/mod_access_compat.html#allow)
 or [Deny](https://httpd.apache.org/docs/2.4/mod/mod_access_compat.html#deny) with new ones like [Require](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require) is technically possible but discouraged.
This module was created to support configurations containing only old directives to facilitate the 2.4 upgrade. Please check the [upgrading](https://httpd.apache.org/docs/2.4/upgrading.html) guide for more information.

If you want to continue using your old code also on Apache >= 2.4 then you must use mod_access_compat because you don't know if the guy that is running apache 2.4 is using mod_access_compat or not.
If that guy is not using mod_access_compat on his apache 2.4, then you must use the NEW Require Directive.

This patch is perfect for using the code on Apache 2.2 as well as on Apache 2.4. No matter if mod_access_compat is being used on Apache 2.4 or not.

Hopefully you will understand now.