Sometimes you may need to log all POST requests to debug or make ModSecurity rules to protect Web Server. For this you need that you have ModSecurity installed on server.
Log POST data
This simple rule logging all POST request data to ModSecurity AuditLog.
SecRule REQUEST_METHOD "POST" \ "id:800000,phase:2,t:none,pass,nolog,auditlog,msg:'Malware.Expert - Log POST data'"
This cause lot of logging data to ModSecurity Audit Log file, which comes very big if you have lots of traffic to web server or it is a production server.
Log POST data from specific URL
If you don’t want to log all POST requests, you can log only from specific url.
SecRule REQUEST_METHOD "POST" \ "id:800000,phase:2,t:none,chain,pass,nolog,auditlog,msg:'Log WordPress admin-ajax.php data'" SecRule REQUEST_URI "/wp-admin/admin-ajax\.php" "t:none"
ModSecurity Configuration you can choose, what data you want to AuditLog files. Read More in AuditLog
Commercial ModSecurity Rules
Read more about Malware Expert – ModSecurity rules and protect your web server vulnerabilities with Web Application Firewall.