From 81c3eb288de62d4ffcb881f6dd65230accc7b4ad Mon Sep 17 00:00:00 2001 From: Stefan Dietrich Date: Fri, 25 Jul 2025 21:13:08 +0200 Subject: [PATCH] Remove mod_log_forensic from apache::default_mods (#2573) mod_log_forensic should not be included by default, as the module has security implications and might leak sensitive information from headers incl. passwords. Upstream documentation also warns about this: https://httpd.apache.org/docs/2.4/mod/mod_log_forensic.html#security --- manifests/default_mods.pp | 1 - 1 file changed, 1 deletion(-) diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 4c092e7186..7b3a8b34af 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -119,7 +119,6 @@ include apache::mod::negotiation include apache::mod::setenvif include apache::mod::auth_basic - include apache::mod::log_forensic # filter is needed by mod_deflate include apache::mod::filter