en fr

Log POST data with apache

Posted on 2017-02-13 in Trucs et astuces

According to the manual, the easiest way to log the content of a POST request (for debugging purpose, in a production environment, it would increase the size of the logs and increase the probability to leak information) is to use the dumpio module. For Apache 2.4, all you should do is:

# Put the logs in specific files to ease reading.
CustomLog /var/log/httpd/website.log combined
ErrorLog /var/log/httpd/website.error.log

# Enable debug logging.
LogLevel debug

# Enable the module.
DumpIOInput On
DumpIOOutput On
LogLevel dumpio:trace7

Sadly, I never managed to make it work. Hopefully, there is another module which allows us to do that: mod_security. You should configure it as follows:

# Enable the module.
SecRuleEngine On
SecAuditEngine on

# Setup logging in a dedicated file.
SecAuditLog /var/log/httpd/website-audit.log
# Allow it to access requests body.
SecRequestBodyAccess on
SecAuditLogParts ABIFHZ

# Setup default action.
SecDefaultAction "nolog,noauditlog,allow,phase:2"

# Define the rule that will log the content of POST requests.
SecRule REQUEST_METHOD "^POST$" "chain,allow,phase:2,id:123"
SecRule REQUEST_URI ".*" "auditlog"

Source: https://www.technovelty.org/web/logging-post-requests-with-apache.html