Back in 2000 there was already a for a -software that is still popular today, because in its default configuration it logs all the data about visitors that it can get.

I'm still seeking contact with experienced #apache and #nginx developers. I want to get a feature like #anonip into the #webserver's core to boost #privacy. I'm esp. interested in how "early" in the stack IP addresses can be anonymized to avoid logging by reverse-proxied/upstream systems.

#followerpower #pleaseboost
Also see

@kirschwipfel @digitalcourage @chpietsch and just reconfiguring the logging to not write the source IP to logs is not sufficient?

Some admins might not want to completely remove the IP address, e.g. for some statistics/analytics, which is okay if anonymized. If #Apache and #nginx offer this by just setting a config option, adoption might increase.
Also it's not only logging, but also proxy forwarding headers, wsgi, etc. If the web server already anonymizes the IP address, the admin has one burden less.
@digitalcourage @chpietsch

@kirschwipfel @digitalcourage @chpietsch my experience is (and I've been doing operations for more than 20 years) that admins of these servers either need the full address or none at all for their debugging. Anonymized logs don't help for operations incidents. Analytics is mostly the business of non-admin people. They can work with post-processed logs.
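
Post-processing logs so that analytics only sees masked addresses, as discussed in the posts above, could look like the following added example (not code from this thread or from anonip). The mask widths, the sample log lines, and the choice to replace a non-IP first field with "-" are assumptions of this sketch.

```python
import ipaddress
import sys

# Assumed mask widths: number of low-order bits zeroed (set per local policy).
IPV4_MASK_BITS = 12
IPV6_MASK_BITS = 84

def mask_ip(text, v4_bits=IPV4_MASK_BITS, v6_bits=IPV6_MASK_BITS):
    """Zero the low-order bits of an IP address; return None if text is not an IP."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) carries a v4 client: mask as v4.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        return "::ffff:" + mask_ip(str(mapped), v4_bits, v6_bits)
    bits = v4_bits if addr.version == 4 else v6_bits
    keep = ((1 << addr.max_prefixlen) - 1) ^ ((1 << bits) - 1)
    return str(type(addr)(int(addr) & keep))

def anonymize_line(line):
    """Mask the first field (client address in common/combined log format)."""
    body = line.rstrip("\n")
    newline = line[len(body):]
    if not body:
        return line
    head, sep, rest = body.partition(" ")
    masked = mask_ip(head)
    # Fail closed: a first field that is not an IP (e.g. a resolved hostname)
    # is replaced instead of being passed through unmasked.
    return (masked if masked is not None else "-") + sep + rest + newline

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '198.51.100.77 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512\n',
    '2001:db8:abcd:1234:5678:9abc:def0:1 - - [10/Oct/2023:13:55:37 +0000] "GET /a HTTP/1.1" 200 90\n',
    '::ffff:198.51.100.77 - - [10/Oct/2023:13:55:38 +0000] "GET /b HTTP/1.1" 200 90\n',
    'client.example.net - - [10/Oct/2023:13:55:39 +0000] "GET /c HTTP/1.1" 404 0\n',
]

if __name__ == "__main__":
    # Filter mode: read log lines from stdin (or the sample when run on a terminal).
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for log_line in source:
        sys.stdout.write(anonymize_line(log_line))
```

Because it reads stdin and writes stdout, the script can sit behind a piped log directive or run over rotated files before they are handed to analytics.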

@kirschwipfel @digitalcourage
If you do reverse proxy you should kick out some info via 'RequestHeader', e.g.:

ProxyPass /goesToExtService nocanon

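<Location /goesToExtService>
    # Rewrite a DNT value of 0 to 1 on the proxied request
    RequestHeader edit DNT 0 1
    # Replace or drop headers that identify the client
    RequestHeader set User-Agent "App"
    RequestHeader unset Cookie
    RequestHeader unset Accept-Language
    # Do not add X-Forwarded-For/-Host/-Server to the upstream request
    ProxyAddHeaders off
</Location>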

This is just an example. Maybe you need cookies. Then don't remove them from the reverse proxy request.
