We have enabled apache directives as follows:

ServerTokens OS

ServerSignature Off

I thought that ap_get_server_banner () could have porblems to get info because of that directives.

We have changed it with no success to avoid restarting apache problems. 

We still are looking for the solution.

Thanks in advance.




2013/6/27 Rainer Jung <rainer.jung@kippdata.de>
On 26.06.2013 17:17, Jose Pablo Valcárcel Lázaro wrote:
> Hi again.
>
> We have upgraded a server to mod_security 2.7.4. After that upgrade we
> have experienced some apache starting issue like:
>
> Trying to restart service httpd... httpd (pid 467) is running...
> Stopping httpd: [ OK ]
> Starting httpd: httpd: Syntax error on line 207 of
> /etc/httpd/conf/httpd.conf: Cannot load
> /usr/lib/httpd/modules/mod_security2.so into server:
> /usr/lib/httpd/modules/mod_security2.so: undefined symbol:
> ap_get_server_banner
> [FAILED]

ap_get_server_banner() is a function that was added to the Apache API in
Version 2.2.4. When building mod_security, it checks whether the
function is available. If not it replaces the call with the function
ap_get_server_version() which exists since much longer.

That means your mod_security was build against a newer 2.2 version (at
least 2.2.4) and you try to run it in an older one (at most 2.2.3).

This part of mod_security code was added in 2007 and first released with
mod_security 2.5.0. See "Used new Apache API calls to get the server
version/banner when available." in CHANGES:

https://github.com/SpiderLabs/ModSecurity/commit/1e603d8a3e77b0771f9d68475f34c91e3e133657

Solution: make build environment consistent with runtime environment.

Regards,

Rainer




------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/