Apache by default logs the HTTP request method but not the request data itself. This is especially inadequate when troubleshooting POST requests as the details required are in the data that was sent with the request. These are some of the methods available to log POST request data in Apache:
mod_dumpio is included by default in most Apache installations and could easily be configured as the followings;
dump_io module . $ sudo a2enmod dump_io
The method could be different if you're not using Ubuntu or other Debian based Linux distribution.
CustomLog /var/log/httpd/website.log combined ErrorLog /var/log/httpd/website.error.log
LogLevel debug
DumpIOInput On DumpIOOutput On LogLevel dumpio:trace7
SecRuleEngine On SecAuditEngine on
SecAuditLog /var/log/httpd/website-audit.log
SecRequestBodyAccess on
SecAuditLogParts ABIFHZ
SecDefaultAction "nolog,noauditlog,allow,phase:2"
SecRule REQUEST_METHOD "^POST$" "chain,allow,phase:2,id:123" SecRule REQUEST_URI ".*" "auditlog"
Some POST request could be very big and take up too much space to log. Sensitive data that are sent in POST requests such as passwords or credit card information should not reside in log files. In these instances, you'll have to whether choose what POST data to log, or not log at all.
While this is not an Apache specific solution, the best way to do it is to log POST request data via your application. It's very flexible and you have granular control of what to log and what not to log. The caveat is that you'll have to code it and could be a bit of an extra work.
Guide compatibility:
| Operating System |
|---|
| Ubuntu 16.04 LTS (Xenial Xerus) |
| Ubuntu 16.10 (Yakkety Yak) |
| Ubuntu 17.04 (Zesty Zapus) |
| Ubuntu 17.10 (Artful Aardvark) |
| Ubuntu 18.04 LTS (Bionic Beaver) |
| Ubuntu 18.10 (Cosmic Cuttlefish) |
| Ubuntu 19.04 (Disco Dingo) |