WEB HOSTING SUPPORT NETWORK
     
 

Logging POST requests with mod_security

In case you wish to track or log POST requests handled by the Apache web server, you can do that on our servers with the help of mod_security. All you need is a log file and specific content in an .htaccess file. More details on this method is available on this website.

To enable the logging of POST requests on our servers, follow these steps:

  1. Create a log file in your website's directory. For a WordPress installation, you can create the file in the wp-content folder (e.g. ~/www/www/wp-content/post.log) using this SSH command:

    touch "/home/$USER/www/www/wp-content/post.log"
  2. Set the permissions of the file to 777:

    chmod 777 "/home/$USER/www/www/wp-content/post.log"
    Important: If you do not set the file permissions to 777, your website will return an internal server (500) error.

  3. Add the following content to your website's .htaccess file (e.g. ~/www/www/.htaccess) with the following SSH command:

    echo -e "\nSecAuditEngine On\nSecRequestBodyAccess On\nSecAuditLogParts ABCIJDEFHZ\nSecRule REQUEST_METHOD "POST" \"id:17,phase:2,t:none,pass,log,auditlog,msg:'Log POST data'\"\nSecAuditLog /home/$USER/www/www/wp-content/post.log" >> "/home/$USER/www/www/.htaccess"
    Alternatively, you can use the hosting Control Panel > File Manager section to add the following code manually to your website's .htaccess file:

    SecAuditEngine On
    SecRequestBodyAccess On
    SecAuditLogParts ABCIJDEFHZ
    SecRule REQUEST_METHOD "POST" "id:17,phase:2,t:none,pass,log,auditlog,msg:'Log POST data'"
    SecAuditLog /home/$USER/www/www/wp-content/post.log

    Note: With the File Manager method, you need to make sure you replace $USER with your hosting account's username.


  4. POST requests may contain sensitive or confidential information, and the log file where the requests will be stored will now be public. You can restrict public access to the log file by running the following SSH command:

    echo -e "\nRedirectMatch 403 ^/wp-content/post.log$" >> "/home/$USER/www/www/.htaccess"
    The command will add the following line of code to your website's .htaccess file, which will redirect visitors of the /wp-content/uploads/post.log file on your website to a 403 error page:

    RedirectMatch 403 ^/wp-content/post.log$

  5. That is it. All POST requests of the website will now be stored in the log file you created.