How to get mod_security to log all POST data?

apache-2.2 mod-security

Solution 1:

Have a rule which turns on the AuditEngine for POST requests.

Something like this (untested):

SecRule REQUEST_METHOD "POST" "id:1000,phase:2,ctl:auditEngine=On,nolog,pass"

Ctl actions only affect the current request so afterwards it will reset back to RelevantOnly for the next request.

You can also create Sanitise rules to ensure sensitive data like passwords and credit card data is masked before logging. See here: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#sanitiseArg

Related

When using thin-provisioning with ZFS, how do you make sure you don't run out of physical disk space?
ProFTP Won't Return Directory Listing
Should Production Windows Web Servers (IIS & SQL) be in a domain?
Can a VM perform better when only two cores instead of four cores are presented to it?
PXE boot FreeBSD iso from pxelinux server
Reinstall MySql AND keep existing database tables and data
Take screenshot from server screen while disconnected from RDP
Is Selling Old Cisco Routers a Security Issue?
Unable to remove limit on memory usage for PHP script
Windows 2008 Server SP2 64bit - TCP Connections never releasing after TIME_WAIT
Should I be using LVM snapshots along with rsnapshot?
Processing Conflict: mysql55w-libs-5.5.36-3.w6.x86_64 conflicts mysql-libs < 5.5