What does Apache's "Require all granted" really do?

Solution 1:

The access control configuration changed in 2.4, and old configurations aren't compatible without some changes. See here.

If your old config was Allow from all (no IP addresses blocked from accessing the service), then Require all granted is the new functional equivilent.

Solution 2:

I know it is an old post but I think that I can help more with a functional example that I always use!

In apache 2.2 would be like:

    <Location />
       Order deny, allow
       allow from all
    </Location>
    <Location /adm>
        Order deny, allow
        deny from all
        allow from myniceip
    </Location>
    <Location /disabled>
        Order deny, allow
        deny from all
    </Location>

In apache 2.4 would be like:

   <Location />
       require all granted
    </Location>
   #Note that you dont need to use require all denied
   #to require only a group of ips.. 
    <Location /adm>
        require ip myniceip
    </Location>
    <Location /disabled>
        Require all denied
    </Location>

Be carefully when using htacess authentication, this new syntax can do some bad and unexpected things, if that is your case please read: https://unix.stackexchange.com/questions/413309/apache-2-4-wants-me-to-decide-require-valid-ip-or-require-valid-user and you should be fine!