Nginx Debugging – How to Dump HTTP Requests

Tags: http, nginx, Ubuntu

  • Ubuntu 10.04.2
  • nginx 0.7.65

I see some weird HTTP requests coming to my nginx server.

To better understand what is going on, I want to dump the whole HTTP request data for such queries. (I.e. dump all request headers and body somewhere I can read them.)

Can I do this with nginx? Alternatively, is there some HTTP server that allows me to do this out of the box, to which I can proxy these requests by means of nginx?

Update: Note that this box has a bunch of normal traffic, and I would like to avoid capturing all of it at a low level (say, with tcpdump) and filtering it out later.

I think it would be much easier to filter good traffic first in a rewrite rule (fortunately I can write one quite easily in this case), and then deal with bogus traffic only.

And I do not want to channel bogus traffic to another box just to be able to capture it there with tcpdump.

Update 2: To give a bit more detail, bogus requests have a parameter named (say) foo in their GET query (the value of the parameter can differ). Good requests are guaranteed not to have this parameter ever.

If I can filter by this in tcpdump or ngrep somehow — no problem, I'll use these.

Best Answer

Adjust the number of pre/post lines (-B and -A args) as needed:

tcpdump -n -S -s 0 -A 'tcp dst port 80' | grep -B3 -A10 "GET /url"

This lets you get the HTTP requests you want, on the box, without generating a huge PCAP file that you have to offload somewhere else.

Keep in mind that the BPF filter is never exact. If there are a large number of packets flowing through any box, BPF can and will drop packets.
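
An added example, not part of the question or the answer above: a filter for `tcpdump -A` text that keeps only requests whose query string has a parameter named exactly `foo` (the marker from Update 2), so `foobar=1` on a good request does not match. The function name `dump_requests_with_param` and the sample capture are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `tcpdump -A` text on stdin and prints the request line
# and headers of requests whose query string has a parameter named exactly $1.
dump_requests_with_param() {
    awk -v param="$1" '
    BEGIN { req = "(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) [^ ]+ HTTP/1\\.[01]" }
    { sub(/\r$/, "") }
    # A tcpdump per-packet line (starts with a timestamp) ends any open block.
    /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]+ / { pkt = $0; show = 0; next }
    # Request line: -A prints the IP/TCP header bytes as junk in front of it.
    match($0, req) {
        line = substr($0, RSTART, RLENGTH)
        split(line, f, " ")
        show = 0
        q = index(f[2], "?")
        if (q > 0) {
            n = split(substr(f[2], q + 1), pairs, "&")
            for (i = 1; i <= n; i++) {
                name = pairs[i]
                sub(/=.*/, "", name)      # keep the name, drop "=value"
                if (name == param) show = 1
            }
        }
        if (show) { print pkt; print line }
        next
    }
    show && $0 == "" { print "--"; show = 0; next }   # blank line ends headers
    show { print }
    '
}

# Constructed sample of tcpdump -A output (addresses and host names are made up).
SAMPLE='12:00:01.000001 IP 192.0.2.10.40001 > 192.0.2.1.80: Flags [P.], length 79
E..w..@.@.......GET /index.html?page=2&foobar=1 HTTP/1.1
Host: example.test
User-Agent: constructed-good

12:00:02.000002 IP 192.0.2.20.40002 > 192.0.2.1.80: Flags [P.], length 89
E..w..@.@.......GET /search?q=x&foo=abc HTTP/1.1
Host: example.test
User-Agent: constructed-bogus

'

# Live use: tcpdump -l -n -s 0 -A 'tcp dst port 80' | dump_requests_with_param foo
printf '%s\n' "$SAMPLE" | dump_requests_with_param foo
```

Parameter names are compared as they appear on the wire, without percent-decoding. Headers that continue in a later TCP segment are cut off at the next packet line.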