Given that security is an important consideration for a server I would like to update the apache web server.
Maybe. Did you check the changelist to see what's new? It seems like a possible XSS flaw in mod_negotiation and MultiViews (both of which can be configured in httpd.cond) and a local path escalation issue (which isn't exploitable remotely).
My point is that, yes, security is important, but that doesn't mean you have to jump all over every update.
Could someone please post the ./configure steps etc to do this?
This will show Apache's standard version data, including the compile options.
You may be able to ./configure the latest Apache 2.2.x version as a drop-in replacement for Apple's version, but may have more trouble with 2.4.x
If you really want 2.4.x then your best option is to install a parallel version in your own directory and run that, eschewing Apple's solution (including the GUI 'control').
Or are the differences to great that it would break the system? Why does Apache have two different versions for a product that does the same thing?
Apache have always maintained multiple versions/branches of httpd. 2.4 introduces new concepts and, potentially, incompatibilities. They maintain the previous version so that you can continue using (and trusting) it while newer versions are tested for compatibility. It's similar to how Apple continue to provide OS support for Lion even though Mountain Lion is the 'current' version.
Thanks. I was kinda hoping someone else had done the hard yards though as I am fairly new to this.
Agreed, sticking to the 2.2.x versions sounds a better way to go.
Doing a httpd -V reveals the following:
Server version: Apache/2.2.22 (Unix)
Server built: Aug 28 2012 17:47:11
Server's Module Magic Number: 20051115:30
Server loaded: APR 1.4.5, APR-Util 1.3.12
Compiled using: APR 1.4.5, APR-Util 1.3.12
Server MPM: Prefork
forked: yes (variable process count)
Server compiled with....
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)