Sometimes you just want to see what someone is sending to your website. But how? Access logs by themselves can be pretty vanilla: you can see that a user made a POST request, but what exactly did they send?
Caution: This could include sensitive information like login credentials, credit card information, and other sensitive data. Oh yeah, it will also create massive log files that could cause disk I/O issues. I recommend doing this in a testing or troubleshooting capacity only.
DumpIO Module for Apache
You can see what’s in the POST request by using the dumpio module for Apache:
# a2enmod dump_io
Note: Fedora, CentOS and Red Hat enable this module by default.
Restart Apache after enabling the module.
# systemctl restart apache2
Configure DumpIO Module
Now enable the module on the domain you are interested in by updating the vhosts file:
DumpIOInput On
DumpIOOutput On
LogLevel dumpio:trace7
It will sit inside your <VirtualHost> block, so something like this:
<VirtualHost *:443>
    ServerAdmin ...
    DocumentRoot ...
    ErrorLog ...
    CustomLog ...
    DumpIOInput On
    DumpIOOutput On
    LogLevel dumpio:trace7
</VirtualHost>
Restart Apache:
# systemctl restart apache2
Confirm Module is Working
Test it by sending a POST request to your site. You can do this using something like curl:
# curl -d "user=user1&pass=abcd" -X POST https://defragged.org/
Now parse your error log to find the output:
# cat /var/log/apache2/defragged.error.log | grep "user1"
You should see something like this:
[Tue May 11 20:14:17.972056 2021] [dumpio:trace7] [pid 10215] mod_dumpio.c(103): [client [ip-address]:56886] mod_dumpio: dumpio_in (data-TRANSIENT): user=user1&pass=abcd
This serves as a great administration tool for network / site / security administrators trying to understand what users are doing on their website.
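Because the caution above means these log lines will hold credentials in clear text, here is an added example (not part of the original post) that parses dumpio data lines in the layout of the sample output and masks sensitive form fields before the lines are shared or archived. The list of sensitive field names and the sample log lines are assumptions constructed for illustration.

```python
import re

# Form field names treated as sensitive (assumed list; extend for your application).
SENSITIVE_RE = re.compile(r"(^|&)(pass|password|passwd|token|card|cvv)=[^&]*", re.I)

# Layout of a mod_dumpio data line, following the sample output shown above.
DUMPIO_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[dumpio:trace7\] \[pid (?P<pid>\d+)(?::tid \d+)?\] "
    r"mod_dumpio\.c\(\d+\): \[client (?P<client>.+?):(?P<port>\d+)\] "
    r"mod_dumpio:\s+dumpio_(?P<direction>in|out) \(data-(?P<kind>[A-Z]+)\): "
    r"(?P<payload>.*)$"
)


def parse_dumpio_line(line):
    """Return a dict for a dumpio data line with secrets masked, else None."""
    m = DUMPIO_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    masked = SENSITIVE_RE.sub(r"\1\2=[REDACTED]", rec["payload"])
    rec["redacted"] = masked != rec["payload"]  # True if a secret was present
    rec["payload"] = masked
    return rec


def parse_dumpio(lines):
    """Keep only dumpio data lines from an error log, already masked."""
    return [r for r in map(parse_dumpio_line, lines) if r]


# Constructed sample lines (192.0.2.10 is a documentation address).
SAMPLE_LOG = [
    "[Tue May 11 20:14:17.972056 2021] [dumpio:trace7] [pid 10215] mod_dumpio.c(103): "
    "[client 192.0.2.10:56886] mod_dumpio: dumpio_in (data-TRANSIENT): user=user1&pass=abcd",
    "[Tue May 11 20:14:17.972301 2021] [dumpio:trace7] [pid 10215] mod_dumpio.c(103): "
    "[client 192.0.2.10:56886] mod_dumpio: dumpio_out (data-HEAP): HTTP/1.1 200 OK\\r\\n",
    "[Tue May 11 20:14:18.000112 2021] [core:notice] [pid 10215] constructed non-dumpio line",
]

if __name__ == "__main__":
    for rec in parse_dumpio(SAMPLE_LOG):
        print(rec["ts"], rec["client"], rec["direction"], rec["payload"])
```

Masking after the fact does not remove the secret from the original error log, so that file still needs restricted permissions and prompt cleanup once troubleshooting is done.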