On Fri, Oct 30, 2015 at 10:36 AM, Scott Neville < scott.nevi...@bluestar-software.co.uk> wrote:
> I have a theory that one of the firewalls/gateways/routers is adding > something to the HTTP request headers (or maybe the body of the request) > which is making it too long for a GET request. Is there any way to trap all > of the HTTP requests and log them (with the full headers and the body), so > we can see if my theory holds true. Once I can prove or disprove this I can > take it to the people that look after the firewalls and ask them to fix. > Enable the dumpio module: LoadModule dumpio_module ${MODULE_DIR}/mod_dumpio.so # The basic LogLevel must be defined before the dumpio_module LogLevel. LogLevel debug <IfModule dumpio_module> DumpIOInput On DumpIOOutput Off LogLevel dumpio_module:trace7 </IfModule> This will produce a huge amount of output to the error log. I've got a pair of scripts, error_log_deinterleave and error_log_data_extract, that I use to reformat the dumpio data to produce output like this (from an actual request I logged this morning): =#= input =#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#= POST /xmlrpc.php HTTP/1.0 Host: www.skepticism.us User-Agent: Jetpack by WordPress.com Accept: */* Content-Length: 102 Content-Type: application/x-www-form-urlencoded <?xml version="1.0&"?><methodCall><methodName>demo.sayHello</methodName><params></params></methodCall> =#= input =#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#= Note that the dumpio module currently does not correctly handle zero (null) bytes. So if you want to capture binary data you'll want to use the fixed version I attached to this problem report: https://bz.apache.org/bugzilla/show_bug.cgi?id=57045 -- Kurtis Rader Caretaker of the exceptional canines Junior and Hank