Use Apache's mod_dumpio. Be careful for obvious reasons.

使用 Apache 的mod_dumpio。出于显而易见的原因要小心。

Note that mod_dumpio stops logging binary payloads at the first null character. For example a multipart/form-dataupload of a gzip'd file will probably only show the first few bytes with mod_dumpio.

请注意，mod_dumpio在第一个空字符处停止记录二进制负载。例如，multipart/form-data上传 gzip 文件可能只显示 mod_dumpio 的前几个字节。

Also note that Apache might not mention this module in httpd.confeven when it's present in the /modulesfolder. Just manually adding LoadModulewill work fine.

另请注意，httpd.conf即使该模块存在于/modules文件夹中，Apache 也可能不会提及该模块。只需手动添加即可LoadModule。

Though It's late to answer. This module can do: https://github.com/danghvu/mod_dumpost

虽然回答晚了。这个模块可以做：https: //github.com/danghvu/mod_dumpost

You can install mod_securityand put in /etc/modsecurity/modsecurity.conf:

您可以安装mod_security并放入/etc/modsecurity/modsecurity.conf：

SecRuleEngine On
SecAuditEngine On
SecAuditLog /var/log/apache2/modsec_audit.log
SecRequestBodyAccess on
SecAuditLogParts ABIJDFHZ

You can use [ModSecurity][1]to view POST data.

您可以使用[ModSecurity][1]来查看 POST 数据。

Install on Debian/Ubuntu:

在 Debian/Ubuntu 上安装：

$ sudo apt install libapache2-mod-security2

Use the recommended configuration file:

使用推荐的配置文件：

$ sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

Reload Apache:

重新加载阿帕奇：

$ sudo service apache2 reload

You will now find your data logged under /var/log/apache2/modsec_audit.log

您现在会发现您的数据记录在 /var/log/apache2/modsec_audit.log

$ tail -f /var/log/apache2/modsec_audit.log
--2222229-A--
[23/Nov/2017:11:36:35 +0000] 
--2222229-B--
POST / HTTP/1.1
Content-Type: application/json
User-Agent: curl
Host: example.com

--2222229-C--
{"test":"modsecurity"}

Not exactly an answer, but I have never heard of a way to do this in Apache itself. I guess it might be possible with an extension module, but I don't know whether one has been written.

不完全是一个答案，但我从来没有听说过在 Apache 中做到这一点的方法。我想扩展模块可能是可能的，但我不知道是否已经编写了一个。

One concern is that POST data can be pretty large, and if you don't put some kind of limit on how much is being logged, you might run out of disk space after a while. It's a possible route for hackers to mess with your server.

一个问题是 POST 数据可能非常大，如果您不对记录的数据量设置某种限制，一段时间后您可能会耗尽磁盘空间。这是黑客弄乱您的服务器的可能途径。

I would do it in the application, actually. It's still configurable at runtime, depending on your logger system, of course. For example, if you use Apache Log (log4j/cxx) you could configure a dedicated logger for such URLs and then configure it at runtime from an XML file.

实际上，我会在应用程序中执行此操作。当然，它仍然可以在运行时进行配置，这取决于您的记录器系统。例如，如果您使用 Apache Log (log4j/cxx)，您可以为此类 URL 配置专用记录器，然后在运行时从 XML 文件配置它。

An easier option may be to log the POST data before it gets to the server. For web applications, I use Burp Proxyand set Firefox to use it as an HTTP/S proxy, and then I can watch (and mangle) data 'on the wire' in real time.

一个更简单的选择可能是在 POST 数据到达服务器之前记录它。对于 Web 应用程序，我使用Burp 代理并将 Firefox 设置为将其用作 HTTP/S 代理，然后我可以“在线”实时观察（和处理）数据。

For making API requests without a browser, SoapUI is very useful and may show similar info. I would bet that you could probably configure SoapUI to connect through Burp as well (just a guess though).

对于没有浏览器的 API 请求，SoapUI 非常有用并且可能会显示类似的信息。我敢打赌，您也可以将 SoapUI 配置为通过 Burp 进行连接（尽管只是猜测）。

You can also use the built-in forensic log feature.

您还可以使用内置的取证日志功能。