How to log POST request data in Apache

Apache by default logs incoming HTTP requests but not everything about the request is logged. Below is an example request, Apache's CustomLog directive and the correspnding log that it captures:

GET /apache/log-post?field01=value01&field02=value02 HTTP/1.1
Host: simplified.guide
Content-Type: application/x-www-form-urlencoded

LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

52.46.36.182 - - [30/Jan/2020:18:04:53 +0000] "GET /apache/log-post?field01=value01&field02=value02 HTTP/1.1" 200 13375 "-" "Amazon CloudFront"

HTTP GET requests consist of the URL and query string combination (/apache/log-post?field01=value01&field02=value02 in the above example) and is fully logged. POST requests however sends the data in the request body while only the URL (/apache/log-post) is logged and the request body is not.

This means that in order to fully log a POST request, you'll need to also log the body of an HTTP request.

Steps to log HTTP request body in Apache:

Enable dumpio module for Apache.

$ sudo a2enmod dump_io # Ubuntu and Debian
Enabling module dump_io.
To activate the new configuration, you need to run:
  systemctl restart apache2
$ sudo a2enmod dumpio # SUSE

Distribution with a2enmod support can simply run the command above without having to manually enable the required modules.
Fedora, CentOS and Red Hat enables the module by default so requires no manual action to enable the modules.

How to enable or disable Apache modules

Options	Debian, Ubuntu	openSUSE and SLES	Fedora Core, CentOS, RHEL	macOS	homebrew	xampp
a2enmod support	yes	yes	no	no	no	no
Modules to install	none
Module name	n/a			dumpio
Loadmodule directive	n/a			LoadModule dumpio_module <module_locations>/mod_dumpio.so

Open Apache's configuration file using your preferred text editor.
```
$ sudo vi /etc/apache2/httpd.conf
```
Configure the below steps/lines in a VirtualHost directive to apply the logging configuration only to a specific VirtualHost configuration.

Location for Apache VirtualHost configuration files
Turn on the related modules.
```
DumpIOInput On
DumpIOOutput On
```
Set the LogLevel to dumpio:trace7.
```
LogLevel dumpio:trace7
```
Restart Apache for the changes to take effect.

How to start, restart and stop Apache service
Create an HTTP POST request with dummy data in the request body to test.
```
$ curl -XPOST --data "field01=value01&field02=value02" 127.0.0.1
```

Check Apache's error log to see the logged HTTP request body.

$ sudo grep field01  /var/log/apache2/error.log
[Sun Feb 02 01:46:13.062838 2020] [dumpio:trace7] [pid 21080] mod_dumpio.c(100): [client 127.0.0.1:47386] mod_dumpio:  dumpio_in (data-HEAP): field01=value01&field02=value02

Guide compatibility:

Operating System
Ubuntu 16.04 LTS (Xenial Xerus)
Ubuntu 16.10 (Yakkety Yak)
Ubuntu 17.04 (Zesty Zapus)
Ubuntu 17.10 (Artful Aardvark)
Ubuntu 18.04 LTS (Bionic Beaver)
Ubuntu 18.10 (Cosmic Cuttlefish)
Ubuntu 19.04 (Disco Dingo)

Author: Mohd Shakir Zakaria
Cloud architect by profession but always consider himself as a developer, entrepreneur and an opensource enthusiast.

Discuss the article:

Comment anonymously. Login not required.