Skip to content

Conversation

FedericoCeratto
Copy link
Contributor

Fix resolution, logging, ipaddr anonimization

Fix resolution, logging, ipaddr anonimization
# anonymize forwarded ipaddr
map $http_x_forwarded_for $remote_fwd_anon {
~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
~(?P<ip>[^:]+:[^:]+): $ip::;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See https://stackoverflow.com/questions/6098517/anonymizing-ipv6-addresses for a conversation about how much one should strip of IPv6 addresses to make sense of them. So far, we're erring on the stripping more side but we may want to revisit this choice at a later time if stripping too much makes it impossible to make sense of IPv6 addresses in the logs (I am thinking, in particular, about attacks to mitigate).

Copy link
Contributor

@bassosimone bassosimone left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🐳

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants