Yep, modsecurity's audit_log can capture full request bodies if you desire and this would include the filename data from the multipart-form-data upload sections. You could also optionally intercept and make copies of uploaded files to store them locally. Thanks, Ryan C. Barnett ----- Original Message ----- From: Vincent Bray <noodlet@xxxxxxxxx> To: users@xxxxxxxxxxxxxxxx <users@xxxxxxxxxxxxxxxx> Sent: Wed Dec 12 21:14:24 2007 Subject: Re: log file upload On 13/12/2007, Jean-Christophe Roux <jcxxr@xxxxxxxxx> wrote: > The users of my site can upload images using regular html forms. I would > like to log the uploads so that I know such IP address at such time has > uploaded such file. This is the last part that I am unable to do. Going > through the docs on custom logs, I am not finding a solution. I could do > that from my cgi program but I'd rather Apache to do it. I am running Apache > 2.2 on Linux. Apache isn't able to do such logging as the filename is part of the POST request entity and not a request header. mod_security might help.. -- noodl --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx