On Fri, Oct 30, 2015 at 10:36 AM, Scott Neville <
scott.nevi...@bluestar-software.co.uk> wrote:
> I have a theory that one of the firewalls/gateways/routers is adding
> something to the HTTP request headers (or maybe the body of the request)
> which is making it too long for a GET request. Is there any way to trap all
> of the HTTP requests and log them (with the full headers and the body), so
> we can see if my theory holds true. Once I can prove or disprove this I can
> take it to the people that look after the firewalls and ask them to fix.
>
Enable the dumpio module:
LoadModule dumpio_module ${MODULE_DIR}/mod_dumpio.so
# The basic LogLevel must be defined before the dumpio_module LogLevel.
LogLevel debug
<IfModule dumpio_module>
DumpIOInput On
DumpIOOutput Off
LogLevel dumpio_module:trace7
</IfModule>
This will produce a huge amount of output to the error log. I've got a pair
of scripts, error_log_deinterleave and error_log_data_extract, that I use
to reformat the dumpio data to produce output like this (from an actual
request I logged this morning):
=#= input
=#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#=
POST /xmlrpc.php HTTP/1.0
Host: www.skepticism.us
User-Agent: Jetpack by WordPress.com
Accept: */*
Content-Length: 102
Content-Type: application/x-www-form-urlencoded
<?xml
version="1.0&"?><methodCall><methodName>demo.sayHello</methodName><params></params></methodCall>
=#= input
=#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#=
Note that the dumpio module currently does not correctly handle zero (null)
bytes. So if you want to capture binary data you'll want to use the fixed
version I attached to this problem report:
https://bz.apache.org/bugzilla/show_bug.cgi?id=57045
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
