Apache version difference

hello - does anybody know why is it i am seeing apache version number differences?

# httpd -v ;
Server version: Apache/2.4.37 (centos)
Server built: Nov 4 2020 03:20:37

phpinfo():

SERVER_SOFTWARE Apache/2.4.6

Two possibilities (guessing, because googling doesn’t want to tell me):

  1. PHP was built against an older version of Apache. If you aren’t using mod_php (which you definitely should not be), it doesn’t matter what version it’s build against, as it only gets proxied through Apache via fcgid or php-fpm. You updated Apache but the PHP packages were all built against the CentOS standard version of Apache.
  2. You have two Apache versions installed. CentOS 7 has 2.4.6, right? So, 2.4.37 is either from a third party repo (maybe OK) or a from-source install (probably too risky, I’d advise against it).

Or
maybe .you’re running CentOS 8? That has Apache 2.4.37. I don’t know why PHP would report Apache 2.4.6. phpinfo() on my CentOS 8 system doesn’t show a version in SERVER_SOFTWARE. Just says “Apache” (but, maybe it depends on how it’s run).

Centos-8 (soon to be rocky-linux, hopefully).

php-fpm:

# php-fpm  -v
PHP 7.4.6 (fpm-fcgi) (built: May 12 2020 08:09:15)
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.6, Copyright (c), by Zend Technologies
1 Like

does anybody know why is it i am seeing apache version number differences?

Yes. An extra guess to what Joe already suggested. It could be caused by mod_security, which will easily and effectively enable you to make Apache return anything with server header.

In order to display Apache 2.4.6 (as in initial question) string, first set on httpd.conf global config file:

ServerTokens Minor


 and later edit mod_security.conf file with:

SecServerSignature "Apache 3.0"

Yes, it presumes that mod_security is installed and enabled.

I don’t know why PHP would report Apache 2.4.6. phpinfo() on my CentOS 8 system doesn’t show a version in SERVER_SOFTWARE.

This is controlled with aforementioned ServerTokens directive.

SERVER_SOFTWARE Apache/2.4.6

Use editing config files manually and search in files content feature to find 2.4.6 string, in case my suggestion is something that happening in your case:

1 Like

thank you. i do not have a mod_security.conf file which according to Joe Cooper’s comment is a good thing.

i am prepared to ignore the phpinfo() version number and just stick with httpd-v; instead, but still i thought it was a little curious.

The string could show up in Apache binaries too. Could there be a module that was meant for – or like Joe suggested, built on – the older Apache version?

This is no emergency but it’s still intriguing.

I don’t understand what you’re asking.

The string could show up in Apache binaries too.

The version number found in binaries is actual Apache version, which can be universally checked across distros with apachectl -v command (it is assumed that there is only one Apache version installed and running).

i am wondering if this question is better to be asked in a php forum.

I suppose the question should’ve been more like ‘Could there be an older Apache module that doesn’t belong?’ but the flaw in my guess is more obvious now.

I didn’t say anything about mod_security, and have no strongly held opinions about it.

phpinfo() and global $_SERVER['SERVER_SOFTWARE'] is a header, and depends on Apache and not any PHP modules. You could open a browser’s console and see the same on the network tab.

i am prepared to ignore the phpinfo() version number and just stick with httpd-v; instead, but still i thought it was a little curious.

Have you tried rebooting your server?

What is the output of the following command:

find / -name httpd

What is Server API set to on phpinfo() output? It would be useful to see full output.

apologies, Joe. i misread your original comment and mixed up mod_security with mod_php.

ps – i just made a tiny contribution to webmin/virtualmin. i hope i used the correct website!

Ilia, Joe, you guys are totally fantastic.

1 Like

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.