From 6b11236e0949de93660830b9929aad03510db754 Mon Sep 17 00:00:00 2001
From: Stefan Dietrich <stefan.dietrich@desy.de>
Date: Fri, 25 Jul 2025 21:13:08 +0200
Subject: [PATCH] Remove mod_log_forensic from apache::default_mods (#2573)

mod_log_forensic should not be included by default, as the module has
security implications and might leak sensitive information from headers
incl. passwords.

Upstream documentation also warns about this:
https://httpd.apache.org/docs/2.4/mod/mod_log_forensic.html#security
---
 manifests/default_mods.pp | 1 -
 1 file changed, 1 deletion(-)

diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp
index 50f04ba26..845dedd9b 100644
--- a/manifests/default_mods.pp
+++ b/manifests/default_mods.pp
@@ -120,7 +120,6 @@
     include apache::mod::negotiation
     include apache::mod::setenvif
     include apache::mod::auth_basic
-    include apache::mod::log_forensic
 
     # filter is needed by mod_deflate
     include apache::mod::filter