14.02.2018, 16:08, "Alex Samad" <a...@samad.com.au>:
Why not just change the log format to exclude the ip address or put in static ip 
 
1) Would like to be able to use the ip for geoip, even after the visit. Need the IP for this or to use the geoip module within nginx - though I think for maxmind geoip2 the inbuilt module doesn't support it. (There is an external one.)
2) The IP address, even partially redacted, is still useful for identifying incoming traffic on occasion.
3) I'm also just trying it out to see if it works
 
I believe the ipv4 _expression_ works, although would allow an address outside the legitimate range, e.g. 999.9.9.256, so I'll work on fine tuning it soon. But coming up with a succinct _expression_ for ipv6 addresses is proving beyond me for now.
 
On 14 February 2018 at 12:46, Tom <t...@keepschtum.win> wrote:
Hi,
 
I'm wondering if anyone has successfully masked ip addresses in nginx before they are written to a log file.
 
I understand there are reasons why you would and would not do this.
 
Anyway, my config so far, which I believe works for ipv4 addresses, but probably on only a few formats of ipv6 addresses. I've used secondary map directives to append text to the short ip address as I couldn't work out how to concatenate the variable with text, so concatenated two variables instead. (Hope that makes sense).
 
 
log_format ipmask '$remote_addr $ip_anon';
 
map $remote_addr $ip_anon {
  default $remote_addr;
  "~^(?P<ipv4>[0-9]{1,3}\.[0-9]{1,3}.)(?P<junkv4>.*)" $ipv4$ipv4suffix;
  "~^(?P<ipv6>[^:]+:[^:]+)(?P<junkv6>.*$)" '$ipv6 $junkv6';
}
 
map - $ipv4suffix{
 default 0.0;
}
map - $ipv6suffix{
  default XX;
}
server {
  listen 8080;
  listen [::]:8080;
  server_name _;
  access_log /tmp/ngn-ip.log ipmask;
  allow all;
}
 
 
Anyone got any thoughts on this?
Thanks

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
,

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply via email to