diff -up cobbler-2.4.0/config/cobbler.conf.httpd24 cobbler-2.4.0/config/cobbler.conf
--- cobbler-2.4.0/config/cobbler.conf.httpd24	2013-01-08 10:22:56.000000000 +0100
+++ cobbler-2.4.0/config/cobbler.conf	2013-01-08 10:25:00.000000000 +0100
@@ -11,8 +11,6 @@ WSGIScriptAliasMatch ^/cblr/svc/([^/]*)
 
 <Directory "/var/www/cobbler">
     Options Indexes FollowSymLinks
-    Order allow,deny
-    Allow from all
 </Directory>
 
 ProxyRequests off
@@ -22,13 +20,3 @@ ProxyPassReverse /cobbler_api http://loc
 
 BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
 
-# the webui is now part of the "cobbler-web" package
-# and is visited at http://.../cobbler_web not this URL.
-# this is only a pointer to the new page.
-
-<Directory "/var/www/cobbler/web/">
-    Options Indexes FollowSymLinks
-    Order allow,deny
-    Allow from all
-</Directory>
-
diff -up cobbler-2.4.0/config/cobbler_web.conf.httpd24 cobbler-2.4.0/config/cobbler_web.conf
--- cobbler-2.4.0/config/cobbler_web.conf.httpd24	2013-01-08 10:23:22.000000000 +0100
+++ cobbler-2.4.0/config/cobbler_web.conf	2013-01-08 10:23:25.000000000 +0100
@@ -8,3 +8,15 @@ RewriteCond %{REQUEST_URI} ^/cobbler_web
 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
 
 WSGIScriptAlias /cobbler_web /usr/share/cobbler/web/cobbler.wsgi
+
+<Directory /usr/share/cobbler/web>
+    <IfModule mod_authz_core.c>
+        # Apache 2.4
+        Require all granted
+    <IfModule !mod_authz_core.c>
+    </IfModule>
+        Order allow,deny
+        Allow from all
+    </IfModule>
+</Directory>
+