Redacting ClientAddr seems to have no effect

FSeidinger · May 4, 2023, 10:17am

Hey there,

is there any redaction strategy implemented for the client field ClientAddr?

I configured limiting this field in my access logs with the value redact but it still shows the IP address instead of REDACTED.

Configuring the field with the value drop works as expected and shows " - " as the value.

Bonus question: would it be possible to anonymize the ip address instead of redacting it? Like having the original ip address 192.168.1.34 anonymize it to 192.168.1.0 or 192.168.1.x

cakiwi · May 4, 2023, 2:08pm

This might be one for the devs to fully answer. @ldez

It looks to me like redact is only implemented on the Headers Fields.

As drop works on these continue to use it.

What is a use case for this that can't be met with drop or redact ?

FSeidinger · May 4, 2023, 5:47pm

In many countries there are laws in place protecting individuals data privacy. For that you have to get a consent before storing their personal date, e.g. their ip address, in logs or databases or. Alternatives are not to store them (drop) or anonymize them.

Topic		Replies	Views
ClientAddr different for traefik api and entrypoints Traefik v3 (latest) docker , middleware	1	28	March 22, 2025
Real client ip address to backend Traefik v2 file , cli	5	3294	August 16, 2023
Forward Rela Traefik IP and Header Logs Traefik v2 docker	2	916	April 4, 2024
Issues with Real Client IP in Traefik Traefik v3 (latest) docker , file	3	1122	June 1, 2024
Printing ProxyProtocol header in access logs and changing traefics IP to the client IP Traefik v2 kubernetes-ingress , tracing , tcp	6	1005	December 13, 2023

Redacting ClientAddr seems to have no effect

Related topics