Schon anno 2000 gab es einen #BigBrotherAward für eine heute noch beliebte #Webserver-Software – weil sie in der Voreinstellung alle Daten über die Surfenden protokolliert, die sie kriegen kann.
https://digitalcourage.de/adventskalender/16
#Adventskalender #BigBrotherAwards #Überwachungskapitalismus
@kirschwipfel @digitalcourage @chpietsch and just reconfiguring the logging to not write the source IP to logs is not sufficient?
@maxheadroom
Some admins might not want to completly remove the IP-addr e.g. for some statustics/analytics - which is okay if anonymized. If #Apache and #nginx offer by just setting a vobfjg option, adoption might increase.
Also it' s not only logging, but also proxy forwarding headers, wsgi, etc. If the web server already anonymizes the IP address, the admin has one burden less.
@digitalcourage @chpietsch
@kirschwipfel @digitalcourage @chpietsch my experience is (and I'm doing operations since more than 20 years) that admin of these servers either need the full address or none at all for their debugging. Anonymizes logs don't help for operations incidents. Analytics is mostly the business of non-admin people. They can work with post-processed logs.
@kirschwipfel @digitalcourage
If you do reverse proxy you should kick out some info via 'RequestHeader', e.g.:
ProxyPass /goesToExtService https://my.example.com/service nocanon
<Location /goesToExtService>
RequestHeader edit DNT 0 1
RequestHeader set User-Agent "App"
RequestHeader unset Cookie
RequestHeader unset Accept-Language
ProxyAddHeaders off
</Location>
This is just an example. May be you need cookies. Then don't remove them from the reverse proxy request.
@digitalcourage
I'm still serking contact to experienced #apache and #nginx developers. I want to get a feature like #anonip into the #webserver's core to boost #privacy. I'm esp. interested in how "early" in the stack IP-addresses can be anonymized to avoid logging by reverse-proxied/upstream systems.
#followerpower #pleaseboost
Also see https://nerdculture.de/@kirschwipfel/102175428061092040