We patched httpd deals to latest version to resolve vulnerabilities but appears to be there is still a vulnerability that Qualys is reporting /var/log/apache2/entry.log: By default, just about every request towards your Internet server is recorded in this log file Until Apache is configured to complete if not. As indicated https://www.hostscheap.com/apache-support-service