diff --git a/slapos/recipe/erp5testnode/template/httpd.conf.in b/slapos/recipe/erp5testnode/template/httpd.conf.in
index 5152816ce45d554a899376195b070ef14b57bc2e..e2a8cd7780dffd4777cac1b1943d552957a9379d 100644
--- a/slapos/recipe/erp5testnode/template/httpd.conf.in
+++ b/slapos/recipe/erp5testnode/template/httpd.conf.in
@@ -22,7 +22,6 @@ Header set Access-Control-Allow-Origin "*"
 
 # List of modules
 LoadModule unixd_module modules/mod_unixd.so
-LoadModule access_compat_module modules/mod_access_compat.so
 LoadModule authz_core_module modules/mod_authz_core.so
 LoadModule authz_host_module modules/mod_authz_host.so
 LoadModule log_config_module modules/mod_log_config.so
@@ -68,19 +67,21 @@ SSLProxyEngine On
     <Directory />
         Options Indexes FollowSymLinks
         IndexOptions FancyIndexing
-        order allow,deny
-        Allow from All
+        Require all granted
     </Directory>
 </VirtualHost>
 
+# IMPORTANT NOTE: It is very important to deny access by default, otherwise this
+# open access to private repositories. If someone would like to open access to
+# some code, it would be needed to explicitely add a .htaccess file.
 Listen [%(ip)s]:%(software_access_port)s
 <VirtualHost *:%(software_access_port)s>
     SSLEngine on
     DocumentRoot "%(testnode_srv_directory)s"
     <Directory />
+        AllowOverride FileInfo AuthConfig
         Options FollowSymLinks
         IndexOptions FancyIndexing
-        order allow,deny
-        Allow from All
+        Require all denied
    </Directory>
 </VirtualHost>