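During development you sometimes need to see exactly what data the browser and the web server exchange, but a default Apache installation only logs the URL. Is there a way to log the request headers, response headers and request body as well?
Apache offers two ways to do this: 1. the mod_dumpio module; 2. the mod_security2 module.
1. mod_dumpio
This approach is relatively simple because Apache ships with the module; we only need to enable it.
In httpd.conf, remove the leading # from the following line:
#LoadModule dumpio_module modules/mod_dumpio.so
and then add: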
DumpIOInput On
DumpIOOutput On
Also, for the output to reach the log file, make sure LogLevel is set to debug:
# Apache 2.2
LogLevel debug
# Apache 2.4
#LogLevel dumpio:trace7
Restart Apache; the request headers and request body now appear in logs/error.log:
[Fri Jul 31 16:20:20 2020] [debug] mod_dumpio.c(113): mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio: dumpio_in (data-HEAP): 16 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio: dumpio_in (data-HEAP): GET / HTTP/1.1\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(113): mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio: dumpio_in (data-HEAP): 17 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio: dumpio_in (data-HEAP): Host: 127.0.0.1\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(113): mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio: dumpio_in (data-HEAP): 79 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio: dumpio_in (data-HEAP): User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(113): mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio: dumpio_in (data-HEAP): 73 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio: dumpio_in (data-HEAP): Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(113): mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio: dumpio_in (data-HEAP): 33 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio: dumpio_in (data-HEAP): Accept-Language: en-US,en;q=0.5\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(113): mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio: dumpio_in (data-HEAP): 32 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio: dumpio_in (data-HEAP): Accept-Encoding: gzip, deflate\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(113): mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio: dumpio_in (data-HEAP): 27 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio: dumpio_in (data-HEAP): Cookie: sdmenu_my_menu=10\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(113): mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio: dumpio_in (data-HEAP): 24 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio: dumpio_in (data-HEAP): Connection: keep-alive\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(113): mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio: dumpio_in (data-HEAP): 30 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio: dumpio_in (data-HEAP): Upgrade-Insecure-Requests: 1\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(113): mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio: dumpio_in (data-HEAP): 2 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio: dumpio_in (data-HEAP): \r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(142): mod_dumpio: dumpio_out
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio: dumpio_out (data-HEAP): 398 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio: dumpio_out (data-HEAP): HTTP/1.1 401 Authorization Required\r\nDate: Fri, 31 Jul 2020 08:20:21 GMT\r\nServer: Apache/2.2.22 (Win32) mod_ssl/2.2.22 OpenSSL/0.9.8l PHP/5.4.37\r\nWWW-Authenticate: Digest realm="hell", nonce="fEK8dbirBQA=4a863ac983662ddeba9792878aa8e567762410e5", algorithm=MD5, qop="auth"\r\nContent-Length: 401\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(142): mod_dumpio: dumpio_out
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio: dumpio_out (data-HEAP): 401 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio: dumpio_out (data-HEAP): \n\n401 Authorization Required \n\nAuthorization Required
\nThis server could not verify that you\nare authorized to access the document\nrequested. Either you supplied the wrong\ncredentials (e.g., bad password), or your\nbrowser doesn't understand how to supply\nthe credentials required.
\n\n
The data is there, but it is messy, isn't it? Is there a better way?
This is where the second method, the mod_security2 module, has the advantage.
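Added example, not part of the original post: the mod_dumpio lines can still be stitched back into the raw request and response. The Python below assumes the Apache 2.2 error-log layout shown above and a single connection (lines from concurrent connections interleave); it undoes the error-log escaping and checks each payload against the byte count announced on the line before it. The sample log is constructed.

```python
import re

# Constructed sample in the Apache 2.2 error-log layout shown above.
SAMPLE = r"""[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio: dumpio_in (data-HEAP): 16 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio: dumpio_in (data-HEAP): GET / HTTP/1.1\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(113): mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio: dumpio_in (data-HEAP): 17 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio: dumpio_in (data-HEAP): Host: 127.0.0.1\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio: dumpio_in (data-HEAP): 2 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio: dumpio_in (data-HEAP): \r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(142): mod_dumpio: dumpio_out
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio: dumpio_out (data-HEAP): 19 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio: dumpio_out (data-HEAP): HTTP/1.1 200 OK\r\n\r\n
"""

LINE = re.compile(r"mod_dumpio:\s+dumpio_(in|out) \(data-[A-Z_]+\): (.*)$")
COUNT = re.compile(r"^(\d+) bytes$")
ESC = re.compile(r"\\(x[0-9a-fA-F]{2}|.)")
SIMPLE = {"n": "\n", "r": "\r", "t": "\t", "v": "\v", "b": "\b", "\\": "\\"}

def unescape(s):
    """Undo error-log escaping (\\r, \\n, \\xHH, ...); one char per logged byte."""
    def repl(m):
        e = m.group(1)
        return chr(int(e[1:], 16)) if len(e) == 3 else SIMPLE.get(e, e)
    return ESC.sub(repl, s)

def reassemble(log_text):
    """Return ({'in': str, 'out': str}, [(direction, announced, seen), ...])."""
    parts, pending, mismatches = {"in": [], "out": []}, {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # e.g. the "[getline-blocking] 0 readbytes" lines
        direction, rest = m.groups()
        count = COUNT.match(rest)
        if count and direction not in pending:
            pending[direction] = int(count.group(1))  # "N bytes" announcement
            continue
        data = unescape(rest)
        announced = pending.pop(direction, None)
        if announced is not None and announced != len(data):
            mismatches.append((direction, announced, len(data)))  # truncated or split
        parts[direction].append(data)
    return {d: "".join(p) for d, p in parts.items()}, mismatches

if __name__ == "__main__":
    streams, bad = reassemble(SAMPLE)
    print(repr(streams["in"]), repr(streams["out"]), bad)
```

A non-empty mismatch list means a payload line was cut or split in the log, so the reassembled stream is incomplete at that point.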
2. mod_security2
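This approach is more involved, though, because stock Apache does not include the module and it has to be downloaded separately. I used modsecurity-apache_2.5.13 here.
Unpack it anywhere, for example in the root of drive D.
Building (VC6):
It needs the following development libraries: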
libxml2-2.6.22.win32.zip
lua5_1_4_Win32_dll6_lib.zip
pcre (bundled with the Apache 2.2 source, under the srclib directory)
iconv-1.9.2.win32.zip
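I unpacked all of these libraries into the srclib directory of the Apache 2.2 source tree. Then go into the directory where modsecurity-apache_2.5.1 was unpacked, enter its apache2 subdirectory, find Makefile.win, open it in any text editor, and add the following at the very top of the file: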
# Path to Apache httpd installation
BASE = C:\Apache22
# Paths to required libraries
LIBXML2 = F:\apache_src\httpd-2.2.22\srclib\libxml2
LUA = F:\apache_src\httpd-2.2.22\srclib\lua5_1_4
PCRE = F:\apache_src\httpd-2.2.22\srclib\pcre
ICONV = F:\apache_src\httpd-2.2.22\srclib\iconv
Also make the corresponding changes to LIBS and INCLUDES further down.
Finally, build:
nmake -f makefile.win
On success, mod_security2.so is generated in the current directory.
Copy the generated mod_security2.so to Apache's modules directory, and copy the DLLs that mod_security2.so depends on to the bin directory:
zlib1.dll,libxml2.dll,iconv.dll
Add to httpd.conf:
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "200"
SecAuditLogParts ABIFHZ
SecAuditLogType Serial
SecAuditLog logs/modsec_audit.log
Restart Apache; the request headers and request body now appear in modsec_audit.log:
--29000000-A--
[30/Jul/2020:18:18:30 +0800] XyKedcCoMq8AABI8AAAAAAA@ 127.0.0.1 4804 127.0.0.1 80
--29000000-B--
GET / HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: sdmenu_my_menu=10; think_language=en-US; PHPSESSID=8kk9rk7pidtorkq646sq5227p7
Authorization: Digest username="admin", realm="hell", nonce="LOg776WrBQA=ab9d2001189fb253c410e402976d8b428070fd59", uri="/", algorithm=MD5, response="92a34218a360845065fb78ddfc5e97a6", qop=auth, nc=0000001f, cnonce="ca416982a8e24798"
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
--29000000-F--
HTTP/1.1 200 OK
Authentication-Info: rspauth="ffddb9887d756fc62a3928695348bbff", cnonce="ca416982a8e24798", nc=0000001f, qop=auth
X-Powered-By: ThinkPHP
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private
Pragma: no-cache
Content-Length: 13568
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
--29000000-H--
Apache-Handler: application/x-httpd-php
Stopwatch: 1596104309062500 1437500 (0 0 1437500)
Producer: ModSecurity for Apache/2.5.13 (http://www.modsecurity.org/).
Server: Apache/2.2.22 (Win32) PHP/5.4.37 mod_ssl/2.2.22 OpenSSL/0.9.8l
--29000000-Z--
--ae720000-A--
[30/Jul/2020:18:18:30 +0800] XyKedsCoMq8AABI8AAoAAAA@ 127.0.0.1 4804 127.0.0.1 80
--ae720000-B--
GET /index.php/Index/AuthPic HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/
Cookie: sdmenu_my_menu=10; think_language=en-US; PHPSESSID=8kk9rk7pidtorkq646sq5227p7
Authorization: Digest username="admin", realm="hell", nonce="LOg776WrBQA=ab9d2001189fb253c410e402976d8b428070fd59", uri="/index.php/Index/AuthPic", algorithm=MD5, response="661af7828167c591563b4f4f97e7b8ef", qop=auth, nc=00000029, cnonce="9a433ba973c084e1"
Connection: keep-alive
Cache-Control: max-age=0
--ae720000-F--
HTTP/1.1 200 OK
Authentication-Info: rspauth="799ade5842950a3d623b4394c8be09d7", cnonce="9a433ba973c084e1", nc=00000029, qop=auth
X-Powered-By: PHP/5.4.37
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: max-age=1, s-maxage=1, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 675
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png
--ae720000-H--
Apache-Handler: application/x-httpd-php
Stopwatch: 1596104310562500 203125 (0 0 -)
Producer: ModSecurity for Apache/2.5.13 (http://www.modsecurity.org/).
Server: Apache/2.2.22 (Win32) PHP/5.4.37 mod_ssl/2.2.22 OpenSSL/0.9.8l
--ae720000-Z--
Isn't that much clearer!
Precompiled mod_security2.so and the source code can be downloaded here:
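Added example, not part of the original post: the audit log above records the Cookie and Authorization headers verbatim, so the Python below splits a Serial-format audit log into transactions by their `--id-PART--` boundaries and masks those header values before the log is passed on. The function names and the sample entries are constructed; only the part layout (A, B, F, H, Z) is taken from the log shown above.

```python
import re

# Constructed sample in the Serial audit-log layout shown above; all values are made up.
SAMPLE = """--29000000-A--
[30/Jul/2020:18:18:30 +0800] CONSTRUCTED-ID-0001 127.0.0.1 4804 127.0.0.1 80
--29000000-B--
GET / HTTP/1.1
Host: 127.0.0.1
Cookie: PHPSESSID=constructed-session-id
Authorization: Digest username="admin", realm="hell", response="constructed"
--29000000-F--
HTTP/1.1 200 OK
--29000000-Z--
--ae720000-A--
[30/Jul/2020:18:18:30 +0800] CONSTRUCTED-ID-0002 127.0.0.1 4804 127.0.0.1 80
--ae720000-B--
GET /index.php/Index/AuthPic HTTP/1.1
"""

BOUNDARY = re.compile(r"^--([0-9a-fA-F]{8})-([A-Z])--$")
SECRET = re.compile(r"^(Cookie|Set-Cookie|Authorization|Proxy-Authorization):\s*(.*)$", re.I)

def parse_audit_log(text):
    """Return {boundary_id: {part_letter: [non-empty lines]}}."""
    txs, cur = {}, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            cur = txs.setdefault(m.group(1), {}).setdefault(m.group(2), [])
        elif cur is not None and line:
            cur.append(line)
    return txs

def redact(line):  # mask credential-bearing header values, keeping only the length
    m = SECRET.match(line)
    return f"{m.group(1)}: [REDACTED {len(m.group(2))} chars]" if m else line

def summarize(text):
    rows = []
    for txid, p in parse_audit_log(text).items():
        a, b, f = (p.get(k) or [""] for k in "ABF")
        meta = a[0].split()
        rows.append({
            "id": txid, "client": meta[3] if len(meta) > 3 else None,
            "request": b[0], "status": f[0],
            "headers": [redact(h) for h in b[1:]],
            "complete": "Z" in p,  # no Z part: the entry was cut off
        })
    return rows

if __name__ == "__main__":
    print(*summarize(SAMPLE), sep="\n")
```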
https://download.csdn.net/download/sstower/12676491