Apache by default logs the HTTP request method but not the request data itself. This is especially inadequate when troubleshooting POST requests as the details required are in the data that was sent with the request. These are some of the methods available to log POST request data in Apache:

Log POST request data in Apache using mod_dumpio

mod_dumpio is included by default in most Apache installations and could easily be configured as the followings;

  1. Enable dump_io module .
    $ sudo a2enmod dump_io

    The method could be different if you're not using Ubuntu or other Debian based Linux distribution.

  2. Put the logs in specific files to ease reading.
    CustomLog /var/log/httpd/website.log combined
    ErrorLog /var/log/httpd/website.error.log
  3. Enable debug logging.
    LogLevel debug
  4. Enable the module.
    DumpIOInput On
    DumpIOOutput On
    LogLevel dumpio:trace7

Log POST request data in Apache using mod_security

  1. Enable the module.
    SecRuleEngine On
    SecAuditEngine on
  2. Setup logging in a dedicated file.
    SecAuditLog /var/log/httpd/website-audit.log
  3. Allow it to access requests body.
    SecRequestBodyAccess on
    SecAuditLogParts ABIFHZ
  4. Setup default action.
    SecDefaultAction "nolog,noauditlog,allow,phase:2"
  5. Define the rule that will log the content of POST requests.
    SecRule REQUEST_METHOD "^POST$" "chain,allow,phase:2,id:123"
    SecRule REQUEST_URI ".*" "auditlog"

Log POST request data in Apache in application

Some POST request could be very big and take up too much space to log. Sensitive data that are sent in POST requests such as passwords or credit card information should not reside in log files. In these instances, you'll have to whether choose what POST data to log, or not log at all.

While this is not an Apache specific solution, the best way to do it is to log POST request data via your application. It's very flexible and you have granular control of what to log and what not to log. The caveat is that you'll have to code it and could be a bit of an extra work.

Guide compatibility:

Operating System
Ubuntu 16.04 LTS (Xenial Xerus)
Ubuntu 16.10 (Yakkety Yak)
Ubuntu 17.04 (Zesty Zapus)
Ubuntu 17.10 (Artful Aardvark)
Ubuntu 18.04 LTS (Bionic Beaver)
Ubuntu 18.10 (Cosmic Cuttlefish)
Ubuntu 19.04 (Disco Dingo)
Discuss the article:

Share your thoughts, suggest corrections or just say Hi. Login not required.

Share!