Re: [mod-security-users] Routinely logging POST data?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Routinely logging POST data?
|
From: Ivan R. <iv...@we...> - 2006-02-07 10:11:27
|
Jesse W. Asher wrote: > > I would like to log the contents of all POST requests passing through > Apache in proxy mode. I'm especially interested in logging any instant > messaging posts that are going through the server such as those that > would go to Yahoo or AOL (AIM). Any pointers on how to do this with > mod_security would be appreciated! Many thanks!! Logging POST is trivial - look up "audit logging" in the manual. However, I am not sure if IM programs actually use HTTP to talk to the servers. They could be simply using the CONNECT method to use Apache as a simple TCP/IP proxy, in which case you won't get any of the traffic in the Apache audit log. If this shows to be true you could either 1) use a TCP/IP traffic logger or 2) write a custom Apache module to log CONNECT traffic or 3) use something else as a proxy, which comes with the logging feature built-in. -- Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com ModSecurity: Open source Web Application Firewall |
