How to configure Apache to log POST request data

When troubleshooting web forms, API endpoints, or webhook callbacks, the difference between a working request and a failing one is often hidden in the POST body. Standard Apache access logs record the request line, status code, and timing, but omit payloads, leaving body-dependent bugs difficult to reproduce.

Logging request bodies in Apache is typically done with mod_dumpio, which dumps raw bytes from the request input and response output filter chains into the error log. With DumpIOInput enabled and the LogLevel for the dumpio module raised (commonly to trace7), each request that carries a body produces dumpio_in entries containing the received data.

Request bodies commonly include passwords, tokens, session identifiers, and personal data, so dumping them to logs is a high-risk debugging change that should be short-lived and tightly access-controlled. Because trace7 output can generate many log lines per request and fill disks quickly, revert the directives immediately after capturing the needed sample and confirm log rotation is functioning.

1. Enable the mod_dumpio module.

   $ sudo a2enmod dump_io
   Enabling module dump_io.
   To activate the new configuration, you need to run:
     systemctl restart apache2

   mod_dumpio writes to the error log, not the access log; the target file can be set per VirtualHost with the ErrorLog directive.

   Platform	Typical enablement
   Debian/Ubuntu layouts	Enable with a2enmod dump_io.
   Platforms without a2enmod	Load the module with LoadModule dumpio_module .../mod_dumpio.so (exact path varies by packaging).

   Related: How to enable or disable Apache modules

2. Open the site's VirtualHost configuration file.

   $ sudo vi /etc/apache2/sites-available/000-default.conf

   On Debian-style layouts, /etc/apache2/sites-enabled usually contains symlinks pointing at /etc/apache2/sites-available.

   Related: Location for Apache VirtualHost configuration files

3. Add DumpIOInput plus a module-specific LogLevel inside the matching VirtualHost block.

   <VirtualHost *:80>
     ##### snipped #####
    
     DumpIOInput On
     DumpIOOutput Off
     LogLevel warn dumpio:trace7
   </VirtualHost>

   Directive	Description
   DumpIOInput	Enables input logging so request bodies (such as POST data) are written to the error log.
   DumpIOOutput	Logs response output bytes when enabled; leaving it Off reduces noise and limits accidental data exposure.
   LogLevel	Raises verbosity for dumpio without forcing a global log level increase; trace7 is extremely verbose.

4. Save the configuration file and exit the editor.
5. Validate the Apache configuration syntax.

   $ sudo apache2ctl -t
   Syntax OK

   Related: How to test your Apache configuration

6. Restart Apache to apply the changes.

   $ sudo systemctl restart apache2

   On Fedora, CentOS, and RHEL the service name is typically httpd (sudo systemctl restart httpd).

   Related: How to manage the Apache web server service

7. Send a test POST request with a small body to the affected vhost.

   $ curl --request POST --data "field01=value01&field02=value02" --silent --output /dev/null --write-out "%{http_code}\n" http://127.0.0.1/
   200

8. Confirm the request body appears in the error log as a dumpio_in entry.

   $ sudo grep -F "field01=value01" /var/log/apache2/error.log
   [Sat Sep 02 07:22:55.645309 2023] [dumpio:trace7] [pid 3455:tid 281473037431072] mod_dumpio.c(100): [client 127.0.0.1:37492] mod_dumpio:  dumpio_in (data-HEAP): field01=value01&field02=value02

   If the file path differs, check the ErrorLog directive in the active VirtualHost and read that log instead of /var/log/apache2/error.log.

9. Revert the debug directives in the VirtualHost after capturing the needed sample.

   <VirtualHost *:80>
     ##### snipped #####
    
     LogLevel warn
   </VirtualHost>

   Leaving DumpIOInput enabled risks logging credentials and personal data, and trace7 output can fill disks quickly on busy sites.

10. Disable mod_dumpio after the debug session is complete.

    $ sudo a2dismod dump_io
    Module dump_io disabled.
    To activate the new configuration, you need to run:
      systemctl restart apache2

    Disabling the module while DumpIOInput directives remain in the config prevents Apache from starting with an “Invalid command” error.

11. Restart Apache to apply the cleanup.

    $ sudo systemctl restart apache2

    Related: How to manage the Apache web server service