http://httpd.apache.org/docs/2.4/upgrading.html


In this example, all requests are denied.

2.2 configuration:

Order deny,allow
Deny from all

2.4 configuration:

Require all denied

In this example, all requests are allowed.

2.2 configuration:

Order allow,deny
Allow from all

2.4 configuration:

Require all granted

In the following example, all hosts in the example.org domain are allowed access; all other hosts are denied access.

2.2 configuration:

Order Deny,Allow
Deny from all
Allow from example.org

2.4 configuration:

Require host example.org

In the following example, mixing old and new directives leads to unexpected results.

Mixing old and new directives: NOT WORKING AS EXPECTED

DocumentRoot "/var/www/html"

<Directory "/">
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

<Location "/server-status">
    SetHandler server-status
    Require ip 127.0.0.1
</Location>

access.log - GET /server-status 403 127.0.0.1
error.log - AH01797: client denied by server configuration: /var/www/html/server-status

Why does httpd deny access to server-status even though the configuration seems to allow it? Because mod_access_compat directives take precedence over the mod_authz_host one in this configuration merge scenario.

This example conversely works as expected:

Mixing old and new directives: WORKING AS EXPECTED

DocumentRoot "/var/www/html"

<Directory "/">
    AllowOverride None
    Require all denied
</Directory>

<Location "/server-status">
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow From 127.0.0.1
</Location>

access.log - GET /server-status 200 127.0.0.1

So even if mixing configuration is still possible, please try to avoid it when upgrading: either keep the old directives and migrate to the new ones at a later stage, or migrate everything in bulk.
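
One way to check a configuration for this mix before an upgrade, as an added example that is not part of the Apache documentation. It is a line-based scan rather than a full httpd parser; the function names are hypothetical, and it assumes the configuration text (with any included files concatenated) has already been read into a string.

```python
import re

# 2.2-style directives (mod_access_compat) vs 2.4-style (mod_authz_*).
LEGACY = re.compile(r"^(Order|Allow\s+from|Deny\s+from|Satisfy)\b", re.I)
MODERN = re.compile(r"^Require\b", re.I)
OPEN = re.compile(r"^<(\w+)\s*([^>]*)>")
CLOSE = re.compile(r"^</\w+>")

def audit(config_text):
    """Return {'legacy': [...], 'modern': [...]} of (line_no, scope, text)."""
    found = {"legacy": [], "modern": []}
    stack = []  # enclosing <Directory>/<Location>/... sections
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line):
            stack[-1:] = []  # pop, tolerating an unbalanced closing tag
            continue
        m = OPEN.match(line)
        if m:
            stack.append(f"{m.group(1)} {m.group(2)}".strip())
            continue
        scope = stack[-1] if stack else "(server config)"
        for kind, rx in (("legacy", LEGACY), ("modern", MODERN)):
            if rx.match(line):
                found[kind].append((no, scope, line))
    return found

def is_mixed(config_text):
    """True when both directive families appear in one configuration."""
    found = audit(config_text)
    return bool(found["legacy"] and found["modern"])

# Constructed samples, modelled on the server-status example above.
MIXED = '''
<Directory "/">
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>
<Location "/server-status">
    SetHandler server-status
    Require ip 127.0.0.1
</Location>
'''
MIGRATED = MIXED.replace("Order deny,allow\n    Deny from all", "Require all denied")
if __name__ == "__main__":
    print({n: is_mixed(t) for n, t in (("mixed", MIXED), ("migrated", MIGRATED))})
```

The scope recorded for each hit shows which section still carries 2.2-style directives, which is where the migration has to finish.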
