Skip to content

Remove mod_log_forensic from apache::default_mods (#2573) #2601

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Remove mod_log_forensic from apache::default_mods (#2573) #2601

wants to merge 1 commit into from

Conversation

stdietrich
Copy link
Contributor

@stdietrich stdietrich commented Jul 25, 2025
edited
Loading

Summary

mod_log_forensic should not be included by default, as the module has security implications and might leak sensitive information from headers incl. passwords.

Upstream documentation also warns about this:
https://httpd.apache.org/docs/2.4/mod/mod_log_forensic.html#security

Additional Context

The default installation through this module should be secure, mod_log_forensics weakens this.

Related Issues (if any)

Fixes #2573

Checklist

  • 🟢 Spec tests.
  • 🟢 Acceptance tests.
  • Manually verified. (For example puppet apply)

@stdietrich
Remove mod_log_forensic from apache::default_mods (puppetlabs#2573)
6b11236 
mod_log_forensic should not be included by default, as the module has
security implications and might leak sensitive information from headers
incl. passwords.

Upstream documentation also warns about this:
https://httpd.apache.org/docs/2.4/mod/mod_log_forensic.html#security
@stdietrich stdietrich requested review from bastelfreak, ekohl, smortex and a team as code owners July 25, 2025 19:19
@CLAassistant
Copy link

CLAassistant commented Jul 25, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

@TheMeier
Copy link

Wa added in stdietrich@0f06f1b

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bastelfreak bastelfreak Awaiting requested review from bastelfreak bastelfreak is a code owner

@ekohl ekohl Awaiting requested review from ekohl ekohl is a code owner

@smortex smortex Awaiting requested review from smortex smortex is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

forensics module should not installed by default
3 participants
@stdietrich @CLAassistant @TheMeier