Redacting ClientAddr seems to have no effect

FSeidinger · May 4, 2023, 10:17am

Hey there,

is there any redaction strategy implemented for the client field ClientAddr?

I configured limiting this field in my access logs with the value redact but it still shows the IP address instead of REDACTED.

Configuring the field with the value drop works as expected and shows " - " as the value.

Bonus question: would it be possible to anonymize the ip address instead of redacting it? Like having the original ip address 192.168.1.34 anonymize it to 192.168.1.0 or 192.168.1.x

cakiwi · May 4, 2023, 2:08pm

This might be one for the devs to fully answer. @ldez

It looks to me like redact is only implemented on the Headers Fields.

As drop works on these continue to use it.

What is a use case for this that can't be met with drop or redact ?

FSeidinger · May 4, 2023, 5:47pm

In many countries there are laws in place protecting individuals data privacy. For that you have to get a consent before storing their personal date, e.g. their ip address, in logs or databases or. Alternatives are not to store them (drop) or anonymize them.