• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here: Home » WordPress Security : Apache2 Module to Log HTTP POST Method

By Abhishek Ghosh March 14, 2019 6:18 pm Updated on March 14, 2019

WordPress Security : Apache2 Module to Log HTTP POST Method

Advertisement

Earlier we discussed about the HTTP POST method. Technically We Should Log HTTP Request Methods. Here is How to Apache Module to Log HTTP POST Method, As Example For WordPress Installation. After examination of few weeks log, we can block the malicious HTTP POST requests. This guide is for those who have installed Apache HTTPD server using our method.

Apache2 Module to Log HTTP POST Method

We say `apache2` instead of `apache` to remind that some of the commands are with `apache2` since first version of Apache 2.x. We are talking about Debian (Ubuntu) system. CentOS, REHL will have different commands.

 

How to Install Apache Module to Log HTTP POST Method

 

We have few modules for consideration. Two of them are official and has some documentation. First is `mod_dumpio` :

Advertisement

---

https://httpd.apache.org/docs/2.4/en/mod/mod_dumpio.html

Second is forensic log module (for other needs in depth) :

https://httpd.apache.org/docs/2.4/mod/mod_log_forensic.html

Third is `mod_security`, we already discussed about mod_security with fail2ban. With `mod_security` mudule we can use this format of config to catch POST :

# Enable the module.
SecRuleEngine On
SecAuditEngine on

# Setup logging in a dedicated file.
SecAuditLog /var/log/httpd/website-audit.log
# Allow it to access requests body.
SecRequestBodyAccess on
SecAuditLogParts ABIFHZ

# Setup default action.
SecDefaultAction "nolog,noauditlog,allow,phase:2"

# Define the rule that will log the content of POST requests.
SecRule REQUEST_METHOD "^POST$" "chain,allow,phase:2,id:123"
SecRule REQUEST_URI ".*" "auditlog

Forth is this module on GitHub :

https://github.com/danghvu/mod_dumpost

Normally Apache’s `mod_dumpio`. But it may conflict with other modules. Be careful for obvious reasons.
Note that `mod_dumpio` stops logging binary payloads at the first null character. For a multipart/form-data upload of a gzip’d file will probably only show the first few bytes with `mod_dumpio`. Also note that Apache might not mention this module even when it’s present in the modules folder. Just manually adding `LoadModule` will work fine.

SSH to your server. You can list, get info of the modules with these commands :

#
apache2ctl -M 
#
sudo apache2ctl -M | sort
# Enabled modules
ls /etc/apache2/mods-enabled/
#  Available modules
ls /etc/apache2/mods-available/

We can install the official modules with the below format of command :

#
sudo apt-get install [module-name]
#

To enable the `mod_dumpio` module, it should be loaded in to your running Apache configuration. Logging can then be enabled or disabled separately for input and output via the officially written directives. `mod_dumpio` needs to be configured to LogLevel trace7 (commonly used is default warn), here is info on LogLevel :


https://httpd.apache.org/docs/2.4/en/mod/core.html#loglevel


Our directive will be :


LogLevel dumpio:trace7

We can enable module with the command :

sudo a2enmod [module-name]

We can disble module with the command :

sudo a2dismod [module-name]

a2 enable and a2 diable. Easy to remember.

Our directives for config are :


DumpIOInput On
DumpIOOutput On

This is all about logging HTTP POST request. The `mod_dumpio` module infamously disturb and you must carefully test on dev server.

Tagged With apache php version , apache post module , Apache POST_MODULE , how to install dumpio module in apaches server

This Article Has Been Shared 233 Times!

Facebook Twitter Pinterest
Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Orthopaedic Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to WordPress Security : Apache2 Module to Log HTTP POST Method

  • Best Tools For Web Server Log Processing & Statistics Running WordPress

    Commonly We Run One Server One WordPress Website Setup. Here Are Some Best Tools For Web Server Log Processing & Statistics Running WordPress Which Are Self-Hosted.

  • HTML5, WordPress and Cloud : What We Learnt From Redesign

    HTML5, WordPress and Cloud – with new redesign,not complete yet at the time of publishing this post we learnt important points with this old blog with 5K posts.

  • WordPress Lost Post Recovery Options on Cloud

    WordPress Lost Post Recovery Options Are Not Less in Number on Cloud, Even Without Backup Failure. If Your FTP Server is Running, Data Can Be Recovered.

  • Fail2Ban For Web Hosts Without Root Access (PHP Port of Fail2Ban)

    It is Possible to Use Fail2Ban For Web Hosts Without Root Access on Shared Servers of PasS. There is PHP Port of Fail2Ban.

  • Why MySQL Auto Restart Failing in WordPress Cloud Server

    Why MySQL Auto Restart Failing in WordPress Cloud Server Despite Your Efforts of Trying Various Optimization and Scripts to Auto-Restart?

Additionally, performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

You can subscribe to our Free Once a Day, Regular Newsletter by clicking the subscribe button below.

Click To Subscribe

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (20K Followers)
  • Twitter (4.9k Followers)
  • Facebook (5.8k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.2k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • A.I. Bingo Game for Teaching A.I. January 27, 2021
  • Blackjack Strategies, AI and Cognitive Science January 27, 2021
  • Wi-Fi for Old House With Thick Walls January 26, 2021
  • What is Inertial Navigation System? January 25, 2021
  • What is Miniaturization? January 24, 2021

 

About This Article

Cite this article as: Abhishek Ghosh, "WordPress Security : Apache2 Module to Log HTTP POST Method," in The Customize Windows, March 14, 2019, January 27, 2021, https://thecustomizewindows.com/2019/03/wordpress-security-apache2-module-to-log-http-post-method/.

Source:The Customize Windows, JiMA.in

 

This website uses cookies. If you do not want to allow us to use cookies and/or non-personalized Ads, kindly clear browser cookies after closing this webpage.

Read Cookie Policy.

PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

Copyright © 2021 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy