Jesse W. Asher wrote:
>
> I would like to log the contents of all POST requests passing through
> Apache in proxy mode. I'm especially interested in logging any instant
> messaging posts that are going through the server such as those that
> would go to Yahoo or AOL (AIM). Any pointers on how to do this with
> mod_security would be appreciated! Many thanks!!
Logging POST is trivial - look up "audit logging" in the manual.
However, I am not sure if IM programs actually use HTTP to
talk to the servers. They could be simply using the CONNECT
method to use Apache as a simple TCP/IP proxy, in which case
you won't get any of the traffic in the Apache audit log.
If this shows to be true you could either 1) use a TCP/IP
traffic logger or 2) write a custom Apache module to log
CONNECT traffic or 3) use something else as a proxy, which
comes with the logging feature built-in.
--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
|
