https://bz.apache.org/bugzilla/show_bug.cgi?id=59765
--- Comment #8 from William A. Rowe Jr. <wr...@apache.org> --- https://lists.apache.org/thread.html/c4d7a66ca113727a1eb3f2fc3e17e367e08cd38a7fc36d5a252422df@1443710720@%3Csite-dev.apache.org%3E I'd done this without patching mod_status... <Location /server-status> SetHandler server-status <If "%{CONN_REMOTE_ADDR} != '127.0.0.1'"> SetOutputFilter Sed OutputSed "s#<td>[^<]*</td><td nowrap>#<td>redacted</td><td nowrap>#g" </If> </Location> This provides no client IP, unless a trusted service (e.g. the host itself) is inspecting the output. The issue with hashing the IP is that it is reasonably reversible, being only one DWORD of data (excepting IPv6). The salt can be ascertained by examining the salt applied to the requester's own entry in the status output. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
