When debugging client-server interactions, especially with AJAX-heavy applications, seeing the complete HTTP transaction becomes crucial. HAProxy provides powerful logging capabilities that can be configured to capture entire POST request bodies for diagnostic purposes.
To enable complete HTTP payload logging in HAProxy 1.6+, you'll need to modify your backend configuration with these critical directives:
frontend http-in
bind *:80
mode http
option httplog
log-format "%{+Q}hr %{+Q}hs %{+Q}[capture.req.hdr(0)] %B"
capture request header Content-Length len 10
capture request header User-Agent len 512
default_backend app_servers
backend app_servers
mode http
server s1 192.168.1.10:8080
option log-health-checks
option logasap
http-request capture req.body id 0
http-response capture res.body id 1
For more granular control, consider these additional configuration options:
# Capture first 1024 bytes of request body
http-request capture req.body(0,1024) id 0
# Capture specific headers along with body
http-request capture req.hdr(Content-Type) id 1
http-request capture req.hdr(Authorization) id 2
# Sample configuration for JSON payload debugging
http-request capture req.body(0,32768) id 3 if { path_beg /api/ }
The default HAProxy log format won't show captured data. You need to customize it:
log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \
%CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}[capture.req.hdr(0)] \
%{+Q}[capture.res.hdr(0)] %{+Q}[capture.req.body(0,1024)]"
Remember these important security practices:
- Never enable full body logging in production
- Filter sensitive data (credit cards, auth tokens) from logs
- Use separate debugging instances
- Configure proper log file permissions
When HAProxy logging isn't sufficient, consider these complementary approaches:
- TCPDUMP with filter:
tcpdump -i any -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' - MITM proxies like Charles or Fiddler
- Application-level logging middleware
When debugging API interactions between JavaScript clients and backend services, seeing just the headers isn't enough. Many issues stem from malformed JSON payloads, encoding problems, or unexpected Content-Type headers. While HAProxy normally logs request metadata, capturing the complete POST body requires special configuration.
Add these directives to your backend configuration:
backend app_server
mode http
option httplog
log-format "%{+Q}hr %{+Q}hp %{+Q}hv %{+Q}hs %{+Q}hb"
http-request capture req.body len 1000000
server s1 192.168.1.10:8080 check
The key components are:
option httplog: Enables HTTP-specific logginglog-format: Customizes what gets logged (headers, body, etc.)http-request capture: Captures the request body (adjust len as needed)
For detailed logging of both requests and responses:
log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \
%CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}hp %{+Q}hv %{+Q}hb"
Always remember:
- Never enable full body logging in production
- Be cautious with sensitive data in debug environments
- Rotate logs frequently during debugging sessions
If you're not seeing the body in logs:
- Verify
option httplogis enabled - Check that the capture length matches your payload size
- Ensure the backend is in HTTP mode (not TCP)
- Restart HAProxy after configuration changes