Hi,
I'm wondering if anyone has successfully masked ip addresses in nginx before they are written to a log file.
I understand there are reasons why you would and would not do this.
Anyway, my config so far, which I believe works for ipv4 addresses, but probably on only a few formats of ipv6 addresses. I've used secondary map directives to append text to the short ip address as I couldn't work out how to concatenate the variable with text, so concatenated two variables instead. (Hope that makes sense).
log_format ipmask '$remote_addr $ip_anon';
map $remote_addr $ip_anon {
default $remote_addr;
"~^(?P<ipv4>[0-9]{1,3}\.[0-9]{1,3}.)(?P<junkv4>.*)" $ipv4$ipv4suffix;
"~^(?P<ipv6>[^:]+:[^:]+)(?P<junkv6>.*$)" '$ipv6 $junkv6';
}
"~^(?P<ipv4>[0-9]{1,3}\.[0-9]{1,3}.)(?P<junkv4>.*)" $ipv4$ipv4suffix;
"~^(?P<ipv6>[^:]+:[^:]+)(?P<junkv6>.*$)" '$ipv6 $junkv6';
}
map - $ipv4suffix{
default 0.0;
}
map - $ipv6suffix{
default XX;
}
default 0.0;
}
map - $ipv6suffix{
default XX;
}
server {
listen 8080;
listen [::]:8080;
server_name _;
access_log /tmp/ngn-ip.log ipmask;
allow all;
}
listen 8080;
listen [::]:8080;
server_name _;
access_log /tmp/ngn-ip.log ipmask;
allow all;
}
Anyone got any thoughts on this?
Thanks
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
