Apache by default logs incoming HTTP requests but not everything about the request is logged. Below is an example request, Apache's CustomLog directive and the correspnding log that it captures:

GET /apache/log-post?field01=value01&field02=value02 HTTP/1.1
Host: simplified.guide
Content-Type: application/x-www-form-urlencoded
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
52.46.36.182 - - [30/Jan/2020:18:04:53 +0000] "GET /apache/log-post?field01=value01&field02=value02 HTTP/1.1" 200 13375 "-" "Amazon CloudFront"

HTTP GET requests consist of the URL and query string combination (/apache/log-post?field01=value01&field02=value02 in the above example) and is fully logged. POST requests however sends the data in the request body while only the URL (/apache/log-post) is logged and the request body is not.

This means that in order to fully log a POST request, you'll need to also log the body of an HTTP request.

Steps to log HTTP request body in Apache:

  1. Enable dumpio module for Apache.
    $ sudo a2enmod dump_io # Ubuntu and Debian
    Enabling module dump_io.
    To activate the new configuration, you need to run:
      systemctl restart apache2
    $ sudo a2enmod dumpio # SUSE
    • Distribution with a2enmod support can simply run the command above without having to manually enable the required modules.
    • Fedora, CentOS and Red Hat enables the module by default so requires no manual action to enable the modules.
    Options Debian, Ubuntu openSUSE and SLES Fedora Core, CentOS, RHEL macOS homebrew xampp
    a2enmod support yes yes no no no no
    Modules to install none
    Module name n/a dumpio
    Loadmodule directive n/a LoadModule dumpio_module <module_locations>/mod_dumpio.so
  2. Open Apache's configuration file using your preferred text editor.
    $ sudo vi /etc/apache2/httpd.conf

    Configure the below steps/lines in a VirtualHost directive to apply the logging configuration only to a specific VirtualHost configuration.

  3. Turn on the related modules.
    DumpIOInput On
    DumpIOOutput On
  4. Set the LogLevel to dumpio:trace7.
    LogLevel dumpio:trace7

  5. Restart Apache for the changes to take effect.
  6. Create an HTTP POST request with dummy data in the request body to test.
    $ curl -XPOST --data "field01=value01&field02=value02" 127.0.0.1
  7. Check Apache's error log to see the logged HTTP request body.
    $ sudo grep field01  /var/log/apache2/error.log
    [Sun Feb 02 01:46:13.062838 2020] [dumpio:trace7] [pid 21080] mod_dumpio.c(100): [client 127.0.0.1:47386] mod_dumpio:  dumpio_in (data-HEAP): field01=value01&field02=value02

Guide compatibility:

Operating System
Ubuntu 16.04 LTS (Xenial Xerus)
Ubuntu 16.10 (Yakkety Yak)
Ubuntu 17.04 (Zesty Zapus)
Ubuntu 17.10 (Artful Aardvark)
Ubuntu 18.04 LTS (Bionic Beaver)
Ubuntu 18.10 (Cosmic Cuttlefish)
Ubuntu 19.04 (Disco Dingo)
Discuss the article:

Comment anonymously. Login not required.

Share!