Topic: Apache 2.4.10 and ModSecurity versioning

[pvs.1]

Windows 2008 Server R2

httpd-2.4.10-win64-VC11.zip

modules-2.4-win64-VC11.zip

Version problems with ModSecurity compiled version causes APPCRASH httpd.exe on some Rules.

[Mon Aug 11 12:35:03.004679 2014] [:notice] [pid 4888:tid 1056] ModSecurity: APR compiled version="1.5.0"; loaded version="1.5.1"
[Mon Aug 11 12:35:03.004679 2014] [:warn] [pid 4888:tid 1056] ModSecurity: Loaded APR do not match with compiled!
[Mon Aug 11 12:35:03.004679 2014] [:notice] [pid 4888:tid 1056] ModSecurity: PCRE compiled version="8.34 "; loaded version="8.35 2014-04-04"
[Mon Aug 11 12:35:03.004679 2014] [:warn] [pid 4888:tid 1056] ModSecurity: Loaded PCRE do not match with compiled!

Same modsecurity configuration/rules work fine with 2.4.9 build as versions are correct.

An interesting note: this miss configuration causes the "Execution error - PCRE limits exceeded (-: (null)" log in the mod security audit log which may or may not help some people in finding the root to that problem as well.

I have no way to compile the modules as I do not develop on Windows.

Hope this helps and thanks for your time putting together these builds very much appreciated.

[Steffen]

The version mismatches should not be an issue, no API changes.

Pcre is upgraded with 2.4.10.
You can try to replace pcre dll with the one from 2.4.9.

Best is to report issues with mod_security at their user list.

Should be helpful when they know which rule(s) causing issues.