Sometimes you just want to see what someone is sending to your website. But how? Access logs by themselves can be pretty vanilla: you can see that a user made a POST request, but what exactly did they send?
You can see what's in the POST request by using the dumpio module for Apache:
# a2enmod dump_io
Restart Apache after enabling the module.
# systemctl restart apache2
Now enable the module on the domain you are interested in by updating the vhosts file:
DumpIOInput On
DumpIOOutput On
LogLevel dumpio:trace7
It goes inside your <VirtualHost> block, so something like this:
<VirtualHost *:443>
    ServerAdmin ...
    DocumentRoot ...
    ErrorLog ...
    CustomLog ...
    DumpIOInput On
    DumpIOOutput On
    LogLevel dumpio:trace7
</VirtualHost>
Restart Apache:
# systemctl restart apache2
Test it by sending a POST request to your site. You can do this using something like curl:
# curl -d "user=user1&pass=abcd" -X POST https://defragged.org/
Now parse your error log to find the output:
# cat /var/log/apache2/defragged.error.log | grep "user1"
You should see something like this:
[Tue May 11 20:14:17.972056 2021] [dumpio:trace7] [pid 10215] mod_dumpio.c(103): [client [ip-address]:56886] mod_dumpio: dumpio_in (data-TRANSIENT): user=user1&pass=abcd

This serves as a great administration tool for network / site / security administrators trying to understand what users are doing on their website.
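As the sample line shows, dumpio writes request bodies, passwords included, to the error log in cleartext, so it helps to mask them before the output is shared or archived. The following added example (not from the original post) parses dumpio lines in the layout shown above and redacts sensitive parameters; the function names, the list of parameter names and the sample lines are assumptions constructed for illustration.

```python
import re

# Line layout assumed from the sample dumpio output shown in the post.
DUMPIO_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[dumpio:trace7\] \[pid (?P<pid>\d+)\] "
    r"mod_dumpio\.c\(\d+\): \[client (?P<client>[^\]]+)\] "
    r"mod_dumpio:\s+dumpio_(?P<direction>in|out) \(data-[A-Z]+\): (?P<data>.*)$"
)
BYTE_COUNT_RE = re.compile(r"^\d+ bytes$")  # size-only lines carry no payload
# Assumed parameter names to mask; extend the list for your application.
SECRET_RE = re.compile(r"(?i)(^|[?&])(pass|passwd|password|token)=[^&\s]*")


def redact(data):
    """Mask the values of sensitive form or query-string parameters."""
    return SECRET_RE.sub(r"\1\2=[REDACTED]", data)


def parse_dumpio(lines, direction="in"):
    """Return one dict per dumpio payload line seen in the given direction."""
    records = []
    for line in lines:
        m = DUMPIO_RE.match(line.rstrip("\n"))
        if not m or m["direction"] != direction:
            continue  # not a dumpio payload line, or the other direction
        if BYTE_COUNT_RE.match(m["data"]):
            continue
        records.append({"ts": m["ts"], "pid": int(m["pid"]),
                        "client": m["client"], "data": redact(m["data"])})
    return records


# Constructed sample lines (documentation IP address), not real traffic.
_P = ("[Tue May 11 20:14:17.972056 2021] [dumpio:trace7] [pid 10215] "
      "mod_dumpio.c(103): [client 203.0.113.7:56886] mod_dumpio: ")
SAMPLE = [
    _P + r"dumpio_in (data-HEAP): POST /login?token=xyz HTTP/1.1\r\n",
    _P + "dumpio_in (data-TRANSIENT): 20 bytes",
    _P + "dumpio_in (data-TRANSIENT): user=user1&pass=abcd",
    _P + r"dumpio_out (data-HEAP): HTTP/1.1 200 OK\r\n",
    "[Tue May 11 20:14:18.000000 2021] [ssl:info] [pid 10215] unrelated",
]

if __name__ == "__main__":
    for rec in parse_dumpio(SAMPLE):
        print(rec["ts"], rec["client"], rec["data"])
```

To run it against a real log, pass the open error log file as `lines`; if your ErrorLogFormat adds fields such as a thread id, adjust `DUMPIO_RE` to match.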