• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here: Home » WordPress Security : Apache2 Module to Log HTTP POST Method

By Abhishek Ghosh March 14, 2019 6:18 pm Updated on March 14, 2019

WordPress Security : Apache2 Module to Log HTTP POST Method

Advertisement

Earlier we discussed about the HTTP POST method. Technically We Should Log HTTP Request Methods. Here is How to Apache Module to Log HTTP POST Method, As Example For WordPress Installation. After examination of few weeks log, we can block the malicious HTTP POST requests. This guide is for those who have installed Apache HTTPD server using our method.

Apache2 Module to Log HTTP POST Method

We say `apache2` instead of `apache` to remind that some of the commands are with `apache2` since first version of Apache 2.x. We are talking about Debian (Ubuntu) system. CentOS, REHL will have different commands.

 

How to Install Apache Module to Log HTTP POST Method

 

We have few modules for consideration. Two of them are official and has some documentation. First is `mod_dumpio` :

Advertisement

---

https://httpd.apache.org/docs/2.4/en/mod/mod_dumpio.html

Second is forensic log module (for other needs in depth) :

https://httpd.apache.org/docs/2.4/mod/mod_log_forensic.html

Third is `mod_security`, we already discussed about mod_security with fail2ban. With `mod_security` mudule we can use this format of config to catch POST :

# Enable the module.
SecRuleEngine On
SecAuditEngine on

# Setup logging in a dedicated file.
SecAuditLog /var/log/httpd/website-audit.log
# Allow it to access requests body.
SecRequestBodyAccess on
SecAuditLogParts ABIFHZ

# Setup default action.
SecDefaultAction "nolog,noauditlog,allow,phase:2"

# Define the rule that will log the content of POST requests.
SecRule REQUEST_METHOD "^POST$" "chain,allow,phase:2,id:123"
SecRule REQUEST_URI ".*" "auditlog

Forth is this module on GitHub :

https://github.com/danghvu/mod_dumpost

Normally Apache’s `mod_dumpio`. But it may conflict with other modules. Be careful for obvious reasons.
Note that `mod_dumpio` stops logging binary payloads at the first null character. For a multipart/form-data upload of a gzip’d file will probably only show the first few bytes with `mod_dumpio`. Also note that Apache might not mention this module even when it’s present in the modules folder. Just manually adding `LoadModule` will work fine.

SSH to your server. You can list, get info of the modules with these commands :

#
apache2ctl -M 
#
sudo apache2ctl -M | sort
# Enabled modules
ls /etc/apache2/mods-enabled/
#  Available modules
ls /etc/apache2/mods-available/

We can install the official modules with the below format of command :

#
sudo apt-get install [module-name]
#

To enable the `mod_dumpio` module, it should be loaded in to your running Apache configuration. Logging can then be enabled or disabled separately for input and output via the officially written directives. `mod_dumpio` needs to be configured to LogLevel trace7 (commonly used is default warn), here is info on LogLevel :


https://httpd.apache.org/docs/2.4/en/mod/core.html#loglevel


Our directive will be :


LogLevel dumpio:trace7

We can enable module with the command :

sudo a2enmod [module-name]

We can disble module with the command :

sudo a2dismod [module-name]

a2 enable and a2 diable. Easy to remember.

Our directives for config are :


DumpIOInput On
DumpIOOutput On

This is all about logging HTTP POST request. The `mod_dumpio` module infamously disturb and you must carefully test on dev server.

Tagged With apache php version , apache post module , Apache POST_MODULE , how to install dumpio module in apaches server

This Article Has Been Shared 190 Times!

Facebook Twitter Pinterest

Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to WordPress Security : Apache2 Module to Log HTTP POST Method

  • Best Tools For Web Server Log Processing & Statistics Running WordPress

    Commonly We Run One Server One WordPress Website Setup. Here Are Some Best Tools For Web Server Log Processing & Statistics Running WordPress Which Are Self-Hosted.

  • HTML5, WordPress and Cloud : What We Learnt From Redesign

    HTML5, WordPress and Cloud – with new redesign,not complete yet at the time of publishing this post we learnt important points with this old blog with 5K posts.

  • WordPress Lost Post Recovery Options on Cloud

    WordPress Lost Post Recovery Options Are Not Less in Number on Cloud, Even Without Backup Failure. If Your FTP Server is Running, Data Can Be Recovered.

  • Fail2Ban For Web Hosts Without Root Access (PHP Port of Fail2Ban)

    It is Possible to Use Fail2Ban For Web Hosts Without Root Access on Shared Servers of PasS. There is PHP Port of Fail2Ban.

  • Why MySQL Auto Restart Failing in WordPress Cloud Server

    Why MySQL Auto Restart Failing in WordPress Cloud Server Despite Your Efforts of Trying Various Optimization and Scripts to Auto-Restart?

Additionally, performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (24.3K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • What is ChatGPT? February 3, 2023
  • Zebronics Pixaplay 16 : Entry Level Movie Projector Review February 2, 2023
  • What is Voice User Interface (VUI) January 31, 2023
  • Proxy Server: Design Pattern in Programming January 30, 2023
  • Cyberpunk Aesthetics: What’s in it Special January 27, 2023

About This Article

Cite this article as: Abhishek Ghosh, "WordPress Security : Apache2 Module to Log HTTP POST Method," in The Customize Windows, March 14, 2019, February 5, 2023, https://thecustomizewindows.com/2019/03/wordpress-security-apache2-module-to-log-http-post-method/.

Source:The Customize Windows, JiMA.in

PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

Copyright © 2023 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie SettingsAccept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT