> I am interested in finding a way to make apache be pseudo-anonymous in its > logging.
Personally I use the SetEnvIf and CustomLog directives to achieve areas of anonymity on my web site. (not to mention the possible performance savings) Details how to do that are in the apache docs. If you wanted to get relatively anonymous session-ids placed into your log files you could use the mod_usertrack's cookies in your CustomLog delcaration. (again its in the docs) The downside is that cookies are well, cookies, and aren't reliable. There may be a better module out there that places a user-tracker token into the environment, that would be something to look for. The assumption you're making is that an IP can be traced back to a person, I'm not going to argue that this assumption is flawed, but what you're asking for is a way to have your cake (be able to track down abuse to the source) and eat it too (not store the connection info). If its accountability you're trying to avoid no matter what, if you store the IP anywhere, be it encrypted/seperated or not, you've already lost. If you don't want to be able to say 1.2.3.4 connected to /myphatmp3archive/ then don't log it. Even then you're probably screwed as your upstream could conceivably log the activity. If, on the other hand, you just want to display your log files to the world sans the detailed connection information, just post-process them and remove the IP. -- Jamie Heilman http://audible.transient.net/~jamie/ "Most people wouldn't know music if it came up and bit them on the ass." -Frank Zappa
