Capture POST data sent to apache / wordpress etc

Posted on 25 October 2020 by m

apt update -y
apt upgrade -y
apt install libapache2-mod-security2
cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

& Change these entries in the modsecurity.conf file;

  SecRuleEngine On
  SecRuleEngine DetectionOnly
  SecAuditEngine RelevantOnly
  SecAuditLog /var/log/apache2/modsec_audit.log
  SecDebugLog /var/log/apache2/modsec_debug.log
  SecDebugLogLevel 0
  SecRequestBodyAccess On
  SecDataDir /tmp
  SecTmpDir /tmp
  SecPcreMatchLimit 250000
  SecPcreMatchLimitRecursion 250000

You’ll find the POST data in the modsec_debug.log (and a mass of other data so maybe don’t enable on a busy site?)

Leave a Reply Cancel reply