
How to log request headers, response headers and request bodies in Apache

韩彦君
2023-12-01

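During development you often need to know exactly what data the browser and the web server exchange, but a default Apache installation only logs the URL. Is there a way to log the request headers, response headers and request body as well?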

Apache offers two ways to do this: 1. the mod_dumpio module; 2. the mod_security2 module.

1. mod_dumpio

This approach is relatively simple: the module ships with Apache, so all we need to do is enable it.

In httpd.conf, remove the leading # from:

#LoadModule dumpio_module modules/mod_dumpio.so

and then add:

DumpIOInput On
DumpIOOutput On

Also, to get the output into the log file, make sure LogLevel is set to debug.

# Apache 2.2
LogLevel debug

# Apache 2.4
#LogLevel dumpio:trace7

Restart Apache; the request headers and request body now appear in logs/error.log:

[Fri Jul 31 16:20:20 2020] [debug] mod_dumpio.c(113): mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio:  dumpio_in (data-HEAP): 16 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio:  dumpio_in (data-HEAP): GET / HTTP/1.1\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(113): mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio:  dumpio_in (data-HEAP): 17 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio:  dumpio_in (data-HEAP): Host: 127.0.0.1\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(113): mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio:  dumpio_in (data-HEAP): 79 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio:  dumpio_in (data-HEAP): User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(113): mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio:  dumpio_in (data-HEAP): 73 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio:  dumpio_in (data-HEAP): Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(113): mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio:  dumpio_in (data-HEAP): 33 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio:  dumpio_in (data-HEAP): Accept-Language: en-US,en;q=0.5\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(113): mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio:  dumpio_in (data-HEAP): 32 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio:  dumpio_in (data-HEAP): Accept-Encoding: gzip, deflate\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(113): mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio:  dumpio_in (data-HEAP): 27 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio:  dumpio_in (data-HEAP): Cookie: sdmenu_my_menu=10\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(113): mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio:  dumpio_in (data-HEAP): 24 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio:  dumpio_in (data-HEAP): Connection: keep-alive\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(113): mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio:  dumpio_in (data-HEAP): 30 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio:  dumpio_in (data-HEAP): Upgrade-Insecure-Requests: 1\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(113): mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio:  dumpio_in (data-HEAP): 2 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio:  dumpio_in (data-HEAP): \r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(142): mod_dumpio: dumpio_out
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio:  dumpio_out (data-HEAP): 398 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio:  dumpio_out (data-HEAP): HTTP/1.1 401 Authorization Required\r\nDate: Fri, 31 Jul 2020 08:20:21 GMT\r\nServer: Apache/2.2.22 (Win32) mod_ssl/2.2.22 OpenSSL/0.9.8l PHP/5.4.37\r\nWWW-Authenticate: Digest realm="hell", nonce="fEK8dbirBQA=4a863ac983662ddeba9792878aa8e567762410e5", algorithm=MD5, qop="auth"\r\nContent-Length: 401\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(142): mod_dumpio: dumpio_out
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio:  dumpio_out (data-HEAP): 401 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio:  dumpio_out (data-HEAP): <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>401 Authorization Required</title>\n</head><body>\n<h1>Authorization Required</h1>\n<p>This server could not verify that you\nare authorized to access the document\nrequested.  Either you supplied the wrong\ncredentials (e.g., bad password), or your\nbrowser doesn't understand how to supply\nthe credentials required.</p>\n</body></html>\n
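The chunked lines above can be stitched back into whole messages. The following is an added example, not part of the original post: it is written against the Apache 2.2 line format shown above, the names `reassemble` and `unescape` are hypothetical, and the sample log is constructed.

```python
import re

# Payload lines look like: "... mod_dumpio:  dumpio_in (data-HEAP): <chunk>"
LINE = re.compile(r"mod_dumpio:\s+dumpio_(in|out) \(data-[A-Z]+\): (.*)$")
SIZE = re.compile(r"^\d+ bytes$")   # the "N bytes" line that precedes each chunk
_ESC = {"r": "\r", "n": "\n", "t": "\t", "\\": "\\", '"': '"'}

def unescape(chunk):
    """Turn the log's backslash escapes back into the characters sent."""
    return re.sub(r"\\(.)", lambda m: _ESC.get(m.group(1), m.group(0)), chunk)

def reassemble(log_text):
    """Return [(direction, text), ...], joining consecutive chunks that
    travel in the same direction. A payload that is literally "N bytes"
    would be mistaken for a size line; accepted limitation."""
    messages = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or SIZE.match(m.group(2)):
            continue                 # getline-blocking, size and marker lines
        direction, chunk = m.group(1), unescape(m.group(2))
        if messages and messages[-1][0] == direction:
            messages[-1] = (direction, messages[-1][1] + chunk)
        else:
            messages.append((direction, chunk))
    return messages

# Constructed sample in the format shown above (not real traffic).
SAMPLE = r"""
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(55): mod_dumpio:  dumpio_in (data-HEAP): 16 bytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio:  dumpio_in (data-HEAP): GET / HTTP/1.1\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(113): mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio:  dumpio_in (data-HEAP): Host: example.test\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio:  dumpio_in (data-HEAP): \r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(142): mod_dumpio: dumpio_out
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio:  dumpio_out (data-HEAP): HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\n
[Fri Jul 31 16:20:21 2020] [debug] mod_dumpio.c(74): mod_dumpio:  dumpio_out (data-HEAP): ok
"""

if __name__ == "__main__":
    for direction, text in reassemble(SAMPLE):
        print(f"--- {direction} ---\n{text}")
```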

It is all there, but it is messy, isn't it? Is there a better way?

This is where the second method, the mod_security2 module, has the advantage.

2. mod_security2

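This approach is more involved, though: stock Apache does not include this module, so it has to be downloaded from the internet. I used modsecurity-apache_2.5.13 here.

Unpack it anywhere, for example in the root of drive D.

Build procedure (VC6):

It needs the following development libraries: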

libxml2-2.6.22.win32.zip

lua5_1_4_Win32_dll6_lib.zip

pcre (bundled with the Apache 2.2 source code, in the srclib directory)

iconv-1.9.2.win32.zip

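I unpacked all of these libraries into the srclib directory of the Apache 2.2 source tree. Then go into the directory where modsecurity-apache_2.5.1 was unpacked, enter its apache2 subdirectory, find Makefile.win, open it in any text editor, and add the following at the very top of the file: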

# Path to Apache httpd installation
BASE = C:\Apache22

# Paths to required libraries
LIBXML2 = F:\apache_src\httpd-2.2.22\srclib\libxml2
LUA = F:\apache_src\httpd-2.2.22\srclib\lua5_1_4
PCRE = F:\apache_src\httpd-2.2.22\srclib\pcre
ICONV = F:\apache_src\httpd-2.2.22\srclib\iconv

Also make the corresponding changes to LIBS and INCLUDES further down.

Finally, build:

nmake -f makefile.win

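On a successful build, mod_security2.so is generated in the current directory.

Copy the generated mod_security2.so into Apache's modules directory, and also copy the dynamic libraries that mod_security2.so depends on into the bin directory: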

zlib1.dll,libxml2.dll,iconv.dll

Add to httpd.conf:

<IfModule security2_module>
	SecRuleEngine On
	SecRequestBodyAccess On
	SecResponseBodyAccess On

	SecAuditEngine RelevantOnly
	SecAuditLogRelevantStatus "200"
	SecAuditLogParts ABIFHZ
	SecAuditLogType Serial
	SecAuditLog logs/modsec_audit.log
</IfModule>

Restart Apache; the request headers and request body now appear in modsec_audit.log:

--29000000-A--
[30/Jul/2020:18:18:30 +0800] XyKedcCoMq8AABI8AAAAAAA@ 127.0.0.1 4804 127.0.0.1 80
--29000000-B--
GET / HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: sdmenu_my_menu=10; think_language=en-US; PHPSESSID=8kk9rk7pidtorkq646sq5227p7
Authorization: Digest username="admin", realm="hell", nonce="LOg776WrBQA=ab9d2001189fb253c410e402976d8b428070fd59", uri="/", algorithm=MD5, response="92a34218a360845065fb78ddfc5e97a6", qop=auth, nc=0000001f, cnonce="ca416982a8e24798"
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0

--29000000-F--
HTTP/1.1 200 OK
Authentication-Info: rspauth="ffddb9887d756fc62a3928695348bbff", cnonce="ca416982a8e24798", nc=0000001f, qop=auth
X-Powered-By: ThinkPHP
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private
Pragma: no-cache
Content-Length: 13568
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

--29000000-H--
Apache-Handler: application/x-httpd-php
Stopwatch: 1596104309062500 1437500 (0 0 1437500)
Producer: ModSecurity for Apache/2.5.13 (http://www.modsecurity.org/).
Server: Apache/2.2.22 (Win32) PHP/5.4.37 mod_ssl/2.2.22 OpenSSL/0.9.8l

--29000000-Z--

--ae720000-A--
[30/Jul/2020:18:18:30 +0800] XyKedsCoMq8AABI8AAoAAAA@ 127.0.0.1 4804 127.0.0.1 80
--ae720000-B--
GET /index.php/Index/AuthPic HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/
Cookie: sdmenu_my_menu=10; think_language=en-US; PHPSESSID=8kk9rk7pidtorkq646sq5227p7
Authorization: Digest username="admin", realm="hell", nonce="LOg776WrBQA=ab9d2001189fb253c410e402976d8b428070fd59", uri="/index.php/Index/AuthPic", algorithm=MD5, response="661af7828167c591563b4f4f97e7b8ef", qop=auth, nc=00000029, cnonce="9a433ba973c084e1"
Connection: keep-alive
Cache-Control: max-age=0

--ae720000-F--
HTTP/1.1 200 OK
Authentication-Info: rspauth="799ade5842950a3d623b4394c8be09d7", cnonce="9a433ba973c084e1", nc=00000029, qop=auth
X-Powered-By: PHP/5.4.37
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: max-age=1, s-maxage=1, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 675
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png

--ae720000-H--
Apache-Handler: application/x-httpd-php
Stopwatch: 1596104310562500 203125 (0 0 -)
Producer: ModSecurity for Apache/2.5.13 (http://www.modsecurity.org/).
Server: Apache/2.2.22 (Win32) PHP/5.4.37 mod_ssl/2.2.22 OpenSSL/0.9.8l

--ae720000-Z--

Much clearer, isn't it!
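The audit log above records Cookie and Authorization headers in full, so a log shared for debugging carries live credentials. The following is an added example, not part of the original post or of ModSecurity: it splits a Serial-format log into its lettered parts and masks those header values; the names `parse_audit_log`, `redact_entry` and `SENSITIVE` are hypothetical and the sample entry is constructed. Body parts such as I are left untouched.

```python
import re

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")
SENSITIVE = {"cookie", "set-cookie", "authorization", "authentication-info"}

def parse_audit_log(text):
    """Split a Serial audit log into entries of {part letter: [lines]}."""
    entries, entry, entry_id, part = [], None, None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m and m.group(2) == "A":            # part A opens a new entry
            entry_id, part, entry = m.group(1), "A", {"A": []}
            entries.append(entry)
        elif m and entry is not None and m.group(1) == entry_id:
            part = m.group(2)
            if part == "Z":                    # part Z closes the entry
                entry = part = None
            else:
                entry[part] = []
        elif entry is not None and part is not None:
            entry[part].append(line)
    for e in entries:                          # drop blank separator lines
        for lines in e.values():
            while lines and lines[-1] == "":
                lines.pop()
    return entries

def _mask(line):
    # Keep the header name, hide the value of credential-bearing headers.
    name, sep, _ = line.partition(":")
    return f"{name}: [REDACTED]" if sep and name.lower() in SENSITIVE else line

def redact_entry(entry):
    return {p: [_mask(l) for l in lines] if p in ("B", "F") else list(lines)
            for p, lines in entry.items()}

# Constructed sample entry in the format shown above (not real traffic).
SAMPLE = """\
--1a2b3c4d-A--
[30/Jul/2020:18:18:30 +0800] CONSTRUCTED-ID 127.0.0.1 4804 127.0.0.1 80
--1a2b3c4d-B--
GET / HTTP/1.1
Cookie: PHPSESSID=constructed-session-id
Authorization: Digest username="admin", response="constructed"

--1a2b3c4d-F--
HTTP/1.1 200 OK
Content-Type: text/html
--1a2b3c4d-Z--
"""
```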

The precompiled mod_security2.so and the source code can be downloaded here:

https://download.csdn.net/download/sstower/12676491

 
