14

I need to determine whether the server (Apache 2) is returning the full contents of a page along with its correct header or not. I have a PHP-script that is executed successfully, but the browser is getting only half of the html content, it's simply cut off.

The client infrastructure is pretty complicated, using Novell BorderManager Proxys and stuff. To ensure the server is doing its job fine I want to log both header and body of the reponse.

How can I achieve this? I looked into the mod_log_config module of apache (which is already installed and ready to be used), but honestly I didn't quite manage to configure it to output header and body somewhere.

edit: I managed to log the header with

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{HEADER_NAME}o\"" common2

CustomLog /var/log/apache2/response.log common2

But unfortunately the mod_log_config formats don't support the whole content body.

Update: I stumpled accross mod_dumpio which seems to do exactly that, but I can't get it to work so far :-(

Can anyone help?

sysadmin1138
  • 133,124
  • 18
  • 176
  • 300
acme
  • 677
  • 1
  • 8
  • 13

3 Answers3

5

in case you do not get any response body in your logs when using "Intended Response Body (E)"; eg.:

SecAuditLogParts ABCEFHZ

Make sure you also have activated the rule engine:

SecRuleEngine On

and check your settings for:

SecRequestBodyAccess On
SecResponseBodyAccess On
icc97
  • 1,030
  • 8
  • 16
Florian
  • 142
  • 1
  • 7
3

You can do this via mod_security, see the Documentation about Audit Log data format.

icc97
  • 1,030
  • 8
  • 16
weeheavy
  • 4,089
  • 1
  • 28
  • 41
  • 1
    Thanks, but the documentation says "Available audit log parts: [...] G – RESERVED for the actual response body, not implemented yet." – acme Dec 21 '10 at 11:30
  • You can use `E` or `I` because I linked an old doc. Newer is here: http://www.modsecurity.org/documentation/modsecurity-apache/2.5.12/modsecurity2-data-formats.html#N10290 – weeheavy Dec 21 '10 at 12:30
  • 1
    I added this to httpd.conf: `SecAuditEngine On SecAuditLog /var/log/apache2/sec.log SecAuditLogParts ABEFGHZ`. I get some debugging infos, so it seems to work, but the response body is not shown. – acme Dec 21 '10 at 14:49
  • both the original link and the latest link to the doc were broken so I've put in a link to the latest. – icc97 Jan 16 '16 at 12:03
0

If you are only interested in the header then you can use the %{VARNAME}o variable.

See: https://httpd.apache.org/docs/current/mod/mod_log_config.html#page-header for the documentation.

KARASZI István
  • 217
  • 3
  • 13