Thanks Eric for the reply, Can you please suggest us which version of apache(HTTPD) and libaprutil has to be used to be compatible with Mod_security version 3. As we have firewalls for few unofficial websites if you can provide us the official link for us to download the files, it would be really helpful. Thank you very much.
Regards, Poornananda. ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -----Original Message----- From: Eric Covener <cove...@gmail.com> Sent: Thursday, May 14, 2020 9:48 PM To: users@httpd.apache.org Subject: Re: [users@httpd] Unable to load Mod_security into Apache. On Thu, May 14, 2020 at 12:01 PM <poornananda.kondapa...@bt.com> wrote: > > Hi Team, > > > > We have installed Apache 2.4.25 in our servers and applications are also > exposed with the help of Apache. As part of Vulnerability precautions and > security of application we are trying to fix the “Server” KeyTag in Response > Headers in Developer tool (Inspect) of Browser. > > > > We can see the value as “Server – Apache” in the Application and we need to > eliminate this. So we found Mod_security as solution and installed it. But > when we load Mod_security into Apache and restart, It is throwing an error > like “Cannot load /Modules/Mod_security.so : apr_crypto_block_cleanup” error > and we are not aware of this error and couldn’t find any solution with our > team or in the google. > > We request you to suggest us a solution to eliminate the “Server” tag in Response Headers without this Mod_security setup (or) along with Mod_security. Any solution is welcome. Please reply us back as soon as possible. Thanks in advance. Your very old HTTPD is linked with a very old libaprutil which is too old for current mod_security. I suggest a recent httpd and libaprutil before trying to add new modules. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
