
                     _                                  _
                    | | ___   __ _      _ __   ___  ___| |_
                    | |/ _ \ / _` |    | '_ \ / _ \/ __| __|
                    | | (_) | (_| |    | |_) | (_) \__ \ |_
                    |_|\___/ \__, |____| .__/ \___/|___/\__|
                             |___/_____|_|





Content
-------

1.0 What is mod_log_post?
2.0 Requirements
3.0 Installation and configuration
4.0 License and copyright
5.0 Bugs and reporting
6.0 Contact


1.0 What is mod_log_post?
-------------------------

mod_log_post is an Apache 2.0 and 2.2 module simply and only logging all HTTP
POST messages. When searching for a solution for my specific case, I found the
mod_dumpio module from the Apache Software Foundation. That module might also
work for you, for me it never logged anything even if configured correct. Note,
that mod_dumpio not just logs HTTP POST messages, but all input HTTP traffic,
if you ever get the module working somewhere.

The only more or less reliable solution I've found is mod_security from Breach
Security Inc. with the problem, that some webbased applications can cause you
trouble - even if mod_security is configured to only log and pass everything.
In the end, I began to remove unwanted and unneeded mod_security functionality
to get an Apache module only logging all HTTP POST messages and never complain
about insane uploads or strange proxy configurations, where mod_security maybe
returns some HTTP error messages to the end-user.


2.0 Requirements
----------------
- apache >= 2.x (with apxs and headers for compiling)
- gcc >= 3.0 (for compiling)


3.0 Installation and configuration
----------------------------------

Extract the mod_log_post-X.Y.Z.tar.gz file using "tar xvfz <file>" or "gzip -d
<file> && tar xvf <file>" for example. "X.Y.Z" simply stands for the current
version number of mod_log_post.

After that, change into the directory and type "./configure", "make" and "make
install". Maybe you should afterwards edit the log_post.conf configuration file
in the Apache configuration directory and review the file for possible global
individual configuration settings.


4.0 License and copyright
-------------------------

As mod_log_post is nearly completely a mod_security with removed functionality,
it is licensed under the same terms and conditions as mod_security.

So mod_log_post module is licensed under GNU General Public License, version 2,
the complete license you can get at: http://www.gnu.org/licenses/gpl-2.0.html

Important: While mod_security comes under a GNU General Public License, version
2 only license (GPLv2), it uses Apache headers under the Apache Public License
2.0 (ASL 2.0). Because of the way GPLv2 and ASL 2.0 work, you can redistribute
the source; however, after compilation, you can't redistribute the binaries. In
short, Linux distributions legally can't ship compiled binary packages, due to
a copyright violation against the Apache Software Foundation.

To solve the issue described above, Breach Security Inc. added an exception to
the terms and conditions of GPLv2. And currently, the legal teams of Fedora and
Debian have accepted that special exception and are shipping mod_security. The
short rule is: If your distribution is allowed to include mod_security, you can
include mod_log_post as well. If you question the licensing of mod_log_post,
you have to question the licensing of mod_security as well, as it's the same.
For details of the special exception, please read the LICENSING_EXCEPTION file.


5.0 Bugs and reporting
----------------------

Well, mod_log_post is my second Apache project and I think that it isn't bug
free - even while or even because it's based on mod_security originally. Please
report bugs and problems - written in German or English language - to me at:
apache@robert-scheck.de


6.0 Contact
-----------

Name     : Robert Scheck
E-Mail   : apache@robert-scheck.de
GnuPG-Key: http://www.robert-scheck.de/kontakt/gpg/rsc.gpg
IRC chat : irc.robert-scheck.de, #robert-scheck
