diff --git a/roles/batcave/files/allows b/roles/batcave/files/allows
index 47b30e7242..4fc8da383a 100644
--- a/roles/batcave/files/allows
+++ b/roles/batcave/files/allows
@@ -1,97 +1,97 @@
-allow from .fedoraproject.org
-allow from 10.
-allow from 64.34.163.94
-allow from 64.34.163.95
-allow from 64.34.163.96
-allow from 64.34.183.130
-allow from 64.34.184.178
-allow from 64.34.184.179
-allow from 64.34.195.12
-allow from 64.34.195.13
-allow from 64.34.195.14
-allow from 64.34.203.162
-allow from 64.34.212.36
-allow from 64.34.212.37
-allow from 64.34.212.38
-allow from 66.135.52.16
-allow from 66.135.52.17
-allow from 66.135.52.84
-allow from 66.135.52.85
-allow from 66.135.55.241
-allow from 66.135.60.113
-allow from 66.35.62.160/28
-allow from 80.239.144.84
-allow from 80.239.156.208/28
-allow from 94.76.206.175
-allow from 128.197.185.42
-allow from 128.197.185.45
-allow from 140.211.169.192/26
-allow from 209.132.178.0/23
-allow from 209.132.180.0/24
-allow from 209.132.181.0/24
-allow from 209.132.182.51
-allow from 209.132.184.0/24
-allow from 213.175.193.204
-allow from 213.175.193.205
-allow from 213.175.193.206
-allow from 213.175.193.207
+require host fedoraproject.org
+require ip 10.
+require ip 64.34.163.94
+require ip 64.34.163.95
+require ip 64.34.163.96
+require ip 64.34.183.130
+require ip 64.34.184.178
+require ip 64.34.184.179
+require ip 64.34.195.12
+require ip 64.34.195.13
+require ip 64.34.195.14
+require ip 64.34.203.162
+require ip 64.34.212.36
+require ip 64.34.212.37
+require ip 64.34.212.38
+require ip 66.135.52.16
+require ip 66.135.52.17
+require ip 66.135.52.84
+require ip 66.135.52.85
+require ip 66.135.55.241
+require ip 66.135.60.113
+require ip 66.35.62.160/28
+require ip 80.239.144.84
+require ip 80.239.156.208/28
+require ip 94.76.206.175
+require ip 128.197.185.42
+require ip 128.197.185.45
+require ip 140.211.169.192/26
+require ip 209.132.178.0/23
+require ip 209.132.180.0/24
+require ip 209.132.181.0/24
+require ip 209.132.182.51
+require ip 209.132.184.0/24
+require ip 213.175.193.204
+require ip 213.175.193.205
+require ip 213.175.193.206
+require ip 213.175.193.207
# ibiblio
-allow from 152.19.134.136
-allow from 152.19.134.137
-allow from 152.19.134.138
-allow from 152.19.134.139
-allow from 152.19.134.140
-allow from 152.19.134.141
-allow from 152.19.134.142
-allow from 152.19.134.143
-allow from 152.19.134.144
-allow from 152.19.134.145
-allow from 152.19.134.146
-allow from 152.19.134.147
-allow from 152.19.134.148
-allow from 152.19.134.149
-allow from 152.19.134.150
-allow from 152.19.134.169
-allow from 152.19.134.170
-allow from 152.19.134.172
-allow from 152.19.134.173
-allow from 152.19.134.191
-allow from 152.19.134.192
-allow from 152.19.134.193
-allow from 152.19.134.194
-allow from 152.19.134.195
-allow from 152.19.134.196
-allow from 152.19.134.197
-allow from 152.19.134.198
+require ip 152.19.134.136
+require ip 152.19.134.137
+require ip 152.19.134.138
+require ip 152.19.134.139
+require ip 152.19.134.140
+require ip 152.19.134.141
+require ip 152.19.134.142
+require ip 152.19.134.143
+require ip 152.19.134.144
+require ip 152.19.134.145
+require ip 152.19.134.146
+require ip 152.19.134.147
+require ip 152.19.134.148
+require ip 152.19.134.149
+require ip 152.19.134.150
+require ip 152.19.134.169
+require ip 152.19.134.170
+require ip 152.19.134.172
+require ip 152.19.134.173
+require ip 152.19.134.191
+require ip 152.19.134.192
+require ip 152.19.134.193
+require ip 152.19.134.194
+require ip 152.19.134.195
+require ip 152.19.134.196
+require ip 152.19.134.197
+require ip 152.19.134.198
# internetx
-allow from 85.236.55.0/28
-allow from 2001:4178:2:1269::/64
+require ip 85.236.55.0/28
+require ip 2001:4178:2:1269::/64
# ibiblio ipv6
-allow from 2610:28:3090:3001:dead:beef:cafe:fe00/120
+require ip 2610:28:3090:3001:dead:beef:cafe:fe00/120
# Private network cloud nat
-allow from 209.132.180.6
+require ip 209.132.180.6
# rdu - rht
-allow from 204.85.14.1
-allow from 204.85.14.2
-allow from 204.85.14.3
+require ip 204.85.14.1
+require ip 204.85.14.2
+require ip 204.85.14.3
# sourceware systems
-allow from 209.132.180.128/27
+require ip 209.132.180.128/27
# colocation america system.
-allow from 67.203.2.64/29
-allow from 2067:f188:0:0::0/64
+require ip 67.203.2.64/29
+require ip 2067:f188:0:0::0/64
# host1plus
-allow from 5.175.150.48/28
+require ip 5.175.150.48/28
# dedicatedsolutions
-allow from 67.219.144.66
-allow from 67.219.144.67
-allow from 67.219.144.68
-allow from 67.219.144.69
-allow from 67.219.144.70
+require ip 67.219.144.66
+require ip 67.219.144.67
+require ip 67.219.144.68
+require ip 67.219.144.69
+require ip 67.219.144.70
diff --git a/roles/batcave/files/infrastructure.fedoraproject.org.conf b/roles/batcave/files/infrastructure.fedoraproject.org.conf
index 641aa207ce..ac1f187da5 100644
--- a/roles/batcave/files/infrastructure.fedoraproject.org.conf
+++ b/roles/batcave/files/infrastructure.fedoraproject.org.conf
@@ -1,3 +1,4 @@
+Listen 443
ServerName infrastructure.fedoraproject.org
ServerAlias infrastructure.stg.fedoraproject.org
@@ -32,48 +33,43 @@ DocumentRoot /srv/web
Options Indexes FollowSymLinks
AllowOverride None
- Order allow,deny
- Allow from all
+ Require all granted
Options Indexes FollowSymLinks
AllowOverride None
- Order allow,deny
- Allow from all
+ Require all granted
Order deny,allow
- Deny from all
+ Require all denied
Include "conf.d/allows"
Order deny,allow
- Deny from all
+ Require all denied
Include "conf.d/allows"
Options Indexes FollowSymLinks
AllowOverride None
- Order deny,allow
- Deny from all
+ Require all denied
Include "conf.d//allows"
Options Indexes FollowSymLinks
- Order allow,deny
- Allow from all
+ Require all allowed
Include "conf.d//allows"
Options FollowSymLinks
- Order allow,deny
- Allow from all
+ Require all allowed
Include "conf.d//allows"
@@ -82,20 +78,17 @@ ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
AllowOverride None
Options None
- Order allow,deny
- Allow from all
+ Require all allowed
AllowOverride None
Options None
- Order allow,deny
- Allow from all
+ Require all allowed
AllowOverride None
Options None
- Order allow,deny
- Allow from all
+ Require all allowed
@@ -138,48 +131,41 @@ DocumentRoot /srv/web
Options Indexes FollowSymLinks
AllowOverride None
- Order allow,deny
- Allow from all
+ Require all allowed
Options Indexes FollowSymLinks
AllowOverride None
- Order allow,deny
- Allow from all
+ Require all allowed
- Order deny,allow
- Deny from all
+ Require all denied
Include "conf.d/allows"
- Order deny,allow
- Deny from all
+ Require all denied
Include "conf.d/allows"
Options Indexes FollowSymLinks
AllowOverride None
- Order deny,allow
- Deny from all
+ Require all denied
Include "conf.d/allows"
Options Indexes FollowSymLinks
- Order allow,deny
- Allow from all
+ Require all allowed
Include "conf.d/allows"
Options FollowSymLinks
- Order allow,deny
- Allow from all
+ Require all allowed
Include "conf.d/allows"
@@ -188,19 +174,16 @@ ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
AllowOverride None
Options None
- Order allow,deny
- Allow from all
+ Require all allowed
AllowOverride None
Options None
- Order allow,deny
- Allow from all
+ Require all allowed
AllowOverride None
Options None
- Order allow,deny
- Allow from all
+ Require all allowed