Re: Apache HTTPD returning status code 413 (Apache Users)

On Fri, Oct 30, 2015 at 10:36 AM, Scott Neville <scott.neville@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

I have a theory that one of the firewalls/gateways/routers is adding something to the HTTP request headers (or maybe the body of the request) which is making it too long for a GET request. Is there any way to trap all of the HTTP requests and log them (with the full headers and the body), so we can see if my theory holds true. Once I can prove or disprove this I can take it to the people that look after the firewalls and ask them to fix.

Enable the dumpio module:

LoadModule dumpio_module ${MODULE_DIR}/mod_dumpio.so

# The basic LogLevel must be defined before the dumpio_module LogLevel.

LogLevel debug

DumpIOInput On

DumpIOOutput Off

LogLevel dumpio_module:trace7

</IfModule>

This will produce a huge amount of output to the error log. I've got a pair of scripts, error_log_deinterleave and error_log_data_extract, that I use to reformat the dumpio data to produce output like this (from an actual request I logged this morning):

=#= input =#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#=

POST /xmlrpc.php HTTP/1.0

Host: www.skepticism.us

User-Agent: Jetpack by WordPress.com

Accept: */*

Content-Length: 102

Content-Type: application/x-www-form-urlencoded

<?xml version="1.0&"?><methodCall><methodName>demo.sayHello</methodName><params></params></methodCall>

=#= input =#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#==#=

Note that the dumpio module currently does not correctly handle zero (null) bytes. So if you want to capture binary data you'll want to use the fixed version I attached to this problem report: https://bz.apache.org/bugzilla/show_bug.cgi?id=57045

Kurtis Rader

Caretaker of the exceptional canines Junior and Hank