new variable: $remote_addr_anon
|Reported by:||Owned by:|
|uname -a:||Linux www.rockers.de 2.6.18-028stab119.3 #1 SMP Tue Sep 15 16:18:30 MSD 2015 x86_64 x86_64 x86_64 GNU/Linux|
nginx version: nginx/1.9.2
built with OpenSSL 1.0.1e 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --conf-path=/srv/nginx/conf/nginx.conf --with-http_ssl_module --with-http_gzip_static_module --with-cc-opt=-Wno-error --add-module=/usr/local/lib/ruby/gems/*/gems/passenger-5.0.11/ext/nginx --with-http_ssl_module --with-http_spdy_module --add-module=../ngx-fancyindex --add-module=../headers-more-nginx-module-0.25
I'd like to suggest a new feature:
There should be a new variable:
(I suggest the name: $remote_addr_anon)
That variable should be a anonymized version of the $remote_adrr variable.
In case of ipv4, the last octet should be replaced by '1':
aka when $remote_address is 220.127.116.11
then $remote_addr_anon should be 18.104.22.168
I'm not sure how to achieve the same thing for ipv6,
but maybe replacing the last octet there would be good enough for a start.
I'm from Germany, we are not allowed to place full ip addresses in any log files,
this is deemed violation of privacy and is actually forbidden by law.
some solutions have been suggested:
We still want to retain some part of the ip address,
so that we can still apply geoip.
To my believe that would be ok than with german law,
as long as we drop the last octet (aka default it to 1)
This would really help all of us using nginx in Germany,
and it might also be a welcome privacy enhancement around the world.
Let me put that another way (so why this is a critical enhancement):
Anyone who does write any log files using the standard log facility is breaking german law.
I believe that the $remote_addr is set really deep in the core,
I'd like to suggest that the $remote_addr_anon should be set at the same place, deep in there.
This would really, really be a very welcome feature.