Logging body content

Hi all.

I am trying to log the request body with haproxy like this:

capture request header User-Agent len 400
capture request header Host len 150
http-request capture req.body len 10000
capture request header authorization len 80
capture request header X-Client-Auth len 80

log-format "%trg client_address=%ci, client_port=%cp, server_address=%si, server_port=%sp, path=%r, response_status=%ST, total_time=%Tt, bytes=%U, user_agent=%{+Q}[capture.req.hdr(0)], requested_host=%{+Q}[capture.req.hdr(1)], body=%{+Q}[capture.req.hdr(2),regsub(\n,\\n,g)]"

Sadly the result is empty in most of the cases.

I have noticed that there is a length limit so I tried to increase that as well (not sure if I have done it right, though):

log /dev/log len 10000 local0

Still the body is empty in the log file:

Feb 8 15:02:02 … haproxy[27865]: 08/Feb/2021:15:02:02 +0000 client_address=…, client_port=50500, server_address=…, server_port=8001, path=…, response_status=200, total_time=247, bytes=2118, user_agent=“Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36”, requested_host=“…”, body=“”

Am I missing something?

Greetings
Lioh

This certainly a bad idea (pushing binary data from the wire directly into a string based logging system without any protections) and most likely not supported, but if this would ever work, you’d probably need option http-buffer-request so that the buffer actually contains something.

Thanks for your answer. I don’t really understand your concerns. Could you please elaborate which negative effect one could expect by doing this?

Non-printable characters would need to be sanitized. Can’t just shove binary, attacked controlled content into code paths made for ASCII.

CVE-2009-4487, CVE-2009-4488, CVE-2009-4489, CVE-2009-4490, CVE-2009-4491, CVE-2009-4492, CVE-2009-4493, CVE-2009-4494, CVE-2009-4495, CVE-2009-4496 are vulnerabilities about missing sanitation in HTTP headers. For the body it’s even worse, there are no rules for it at all.