Best way to log POST data in Apache

Question

Imagine you have a site API that accepts data in the form of GET requests with parameters  or as POST requests  say  with standard url-encoded   amp -separated POST data    If you want to log and analyze API calls  the GET requests will be easy  because they will be in the apache log   Is there a simple way to get the POST data in the apache log as well      Of course we could log the POST data explicitly in the application  but I d like to have an configuration-level way that let me not worry about it in code

User · Answer

You can also use the built-in forensic log feature

User · Answer

Though It s late to answer  This module can do  https   github com danghvu mod dumpost

User · Answer

I would do it in the application  actually  It s still configurable at runtime  depending on your logger system  of course  For example  if you use Apache Log  log4j cxx  you could configure a dedicated logger for such URLs and then configure it at runtime from an XML file

User · Answer

An easier option may be to log the POST data before it gets to the server  For web applications  I use Burp Proxy and set Firefox to use it as an HTTP S proxy  and then I can watch  and mangle  data  on the wire  in real time    For making API requests without a browser  SoapUI is very useful and may show similar info  I would bet that you could probably configure SoapUI to connect through Burp as well  just a guess though

User · Answer

Use Apache s mod dumpio  Be careful for obvious reasons   Note that mod dumpio stops logging binary payloads at the first null character  For example a multipart form-data upload of a gzip d file will probably only show the first few bytes with mod dumpio    Also note that Apache might not mention this module in httpd conf even when it s present in the  modules folder  Just manually adding LoadModule will work fine

User · Answer

You can use  ModSecurity  1  to view POST data   Install on Debian Ubuntu     sudo apt install libapache2-mod-security2   Use the recommended configuration file     sudo mv  etc modsecurity modsecurity conf-recommended  etc modsecurity modsecurity conf   Reload Apache     sudo service apache2 reload     You will now find your data logged under  var log apache2 modsec audit log    tail -f  var log apache2 modsec audit log --2222229-A--  23 Nov 2017 11 36 35  0000   --2222229-B-- POST   HTTP 1 1 Content-Type  application json User-Agent  curl Host  example com  --2222229-C--   test   modsecurity

User · Answer

Not exactly an answer  but I have never heard of a way to do this in Apache itself  I guess it might be possible with an extension module  but I don t know whether one has been written    One concern is that POST data can be pretty large  and if you don t put some kind of limit on how much is being logged  you might run out of disk space after a while  It s a possible route for hackers to mess with your server

User · Answer

You can install mod security and put in  etc modsecurity modsecurity conf   SecRuleEngine On SecAuditEngine On SecAuditLog  var log apache2 modsec audit log SecRequestBodyAccess on SecAuditLogParts ABIJDFHZ

[logging] Best way to log POST data in Apache?

Examples related to logging

Examples related to apache

Examples related to apache-config