mod_log_ipmask
mod_log_ipmask copied to clipboard
webfactory
does not work with IPv6?
I don't see many IPv6 requests in my logs, but those don't seem to be anonymized. Is there a way to anonymize IPv6 addresses as well?
It seems IPv6 handling is currently missing in the code.
I doubt that we will be able to support that anytime soon, mostly because my C is a bit rusty and I am not very familiar with the Apache API.
Of course I'd be happy to review a patch. Or maybe Saoxnia's data protection officer or the original author, Florian van Koten at systematics NETWORK SERVICES GmbH, might help with funding and/or coding?
I was looking around for solutions and found http://bug.st/mod_anonstats
That's a module that anonymizes logs by either hashing the IP addresses with MD5 or by setting all IPs to 127.0.0.1. But that module looks like it runs with IPv4 only, too. I'm not even sure it works with Apache 2.4.
Digging through the Apache docs, I found "piped logs": https://httpd.apache.org/docs/2.4/logs.html#piped I'm currently experimenting with a simple perl script that runs as a pipe and hashes the IP addreses - it reads the first field of a log line regardless of type (IPv4, IPv6, hostname or just any other string) and generates an artificial IPv4 address. As I don't have a real busy server, this should work for me.
(nb: Setting all IPs to "127.0.0.1" can be done without any module: Just add a LogFormat that uses no %a or %h but the string 127.0.0.1 as first argument :-))
my piped log solution seems to work, I just set up a repo at https://github.com/mmitch/httpd-log-anon-filter
The IPv6 patch by Peter Conrad working for mod_log_ipmask under apache2.2 is here still working: apache2.4-ipv6.patch.txt
@rseffner Does this work with IPv4 and IPv6 in parallel?
If so, would you mind creating a Pull Request for it?