subject:"\[Bug 59765\] provide a way to obfuscate\/hash IP addresses"

[Bug 59765] provide a way to obfuscate/hash IP addresses

2017-03-02 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=59765

Szőgyényi Gábor  changed:

   What|Removed |Added

 CC||szg0...@freemail.hu

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 59765] provide a way to obfuscate/hash IP addresses

2017-01-30 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=59765

--- Comment #14 from Luca Toscano  ---
After a chat with Humbedooh there might be a better way to do this using
mod-lua. I am going to update this task and the documentation when the lua code
will be published.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 59765] provide a way to obfuscate/hash IP addresses

2016-11-26 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=59765

--- Comment #13 from Luca Toscano  ---
The patch attached creates a new directive called "PrivacyStatus" that is
directory context aware (previous patch was only server level). I think that
this would be good for admins that need to publish an external public facing
server-status while being able to consult a private one showing IPs.

Still not worked on Jim's comment about replacing the IPs with x.x.x.x and not
with a blank line.

1) Would we need to distinguish between IPv4/6? So something like x.x.x.x vs
[x:x:x:x] or similar? I guess that probably this info falls under the "privacy"
shield that we want to offer, but at the same time it might confuse users. 

2) Is there an XML output option for mod_status?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 59765] provide a way to obfuscate/hash IP addresses

2016-11-26 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=59765

--- Comment #12 from Luca Toscano  ---
Created attachment 34479
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=34479=edit
Mod status PrivacyMode directive (directory context aware version)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 59765] provide a way to obfuscate/hash IP addresses

2016-11-22 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=59765

Jim Jagielski  changed:

   What|Removed |Added

 CC||j...@apache.org

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 59765] provide a way to obfuscate/hash IP addresses

2016-10-20 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=59765

--- Comment #11 from Jim Jagielski  ---
I'd prefer that if instead of printing out "" it printed out something like
"x.x.x.x" or "255.255.255.255" or something like that for those systems which
may try to screen scrape (or use the XML output option).

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 59765] provide a way to obfuscate/hash IP addresses

2016-10-20 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=59765

--- Comment #10 from Luca Toscano  ---
Re-added a very simple patch in:

http://home.apache.org/~elukey/httpd-trunk-mod_status-privacy_mode.patch

This one is only adds a new Server Directive, IIRC on IRC this was the first
one suggested. I'd also see the value of having a new Directive working also
with Location blocks, in order to allow request from localhost to display
client IPs.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 59765] provide a way to obfuscate/hash IP addresses

2016-07-22 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=59765

--- Comment #7 from Luca Toscano  ---
(In reply to Eric Covener from comment #6)

> looks like progress, but I would suggest factoring out just the bit that
> retrieves the client ip, even if it means a dummy column.

New diff: http://apaste.info/0le

If this is ok, the last step would be to add the possibility to specify a
server config other than a per directory one. Never done it but it doesn't seem
to be difficult.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 59765] provide a way to obfuscate/hash IP addresses

2016-07-20 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=59765

--- Comment #6 from Eric Covener  ---
(In reply to Luca Toscano from comment #5)
> Example of what I meant: http://apaste.info/SyZ
> 
> This is only a proof of concept and works only with Directory/Location
> context. The idea is to remove completely the Client IP column and add the
> sentence "Client IP removed due to privacy mode set." on top of the table.

looks like progress, but I would suggest factoring out just the bit that
retrieves the client ip, even if it means a dummy column.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 59765] provide a way to obfuscate/hash IP addresses

2016-07-20 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=59765

--- Comment #5 from Luca Toscano  ---
Example of what I meant: http://apaste.info/SyZ

This is only a proof of concept and works only with Directory/Location context.
The idea is to remove completely the Client IP column and add the sentence
"Client IP removed due to privacy mode set." on top of the table.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 59765] provide a way to obfuscate/hash IP addresses

2016-07-15 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=59765

--- Comment #4 from Luca Toscano  ---
(In reply to Eric Covener from comment #3)
> 
> I thought this too, and maybe it's fine for a first pass, but you probably
> would want to know how many clients were the same at any given time.   Maybe
> blank out the middle?

I would still prefer complete anonymity, not sure if we can avoid completely
fingerprinting. If the goal is to offer to the admin a way to know clients
connected, we could offer multiple views of mod-status, the privacy one
available for everybody (removing the IPs completely) and the more complete one
restricted for example to localhost. Maybe this is possible simply with the new
directive?

Something like:


SetHandler server-status
Require host 127.0.0.1



SetHandler server-status
Require all granted
ServerStatusPrivacyMode on


-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 59765] provide a way to obfuscate/hash IP addresses

2016-07-09 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=59765

--- Comment #3 from Eric Covener  ---
(In reply to Luca Toscano from comment #2)
> The implementation seems not super difficult, but I have a couple of
> questions:
> 
> 1) How would it be better to set the "obfuscate" mode to on? Something like
> ExtendedStatus in core or by other means?

mod_status directive would be best.  
> 
> 2) hashing every single IP address with a reasonable function could be good
> for a lot of reasons (no need for a shared state to assign the same value to
> the same IP over multiple requests, variety in the hashing functions, etc..)
> but it could also lead to resources waste while doing hash calculations on
> busy servers. Would it be reasonable just to remove the "Client" column from
> status and extended status? This concern might be not relevant with modern
> CPU, but it is good in my opinion to discuss it.

I thought this too, and maybe it's fine for a first pass, but you probably
would want to know how many clients were the same at any given time.   Maybe
blank out the middle?

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 59765] provide a way to obfuscate/hash IP addresses

2016-07-09 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=59765

--- Comment #2 from Luca Toscano  ---
The implementation seems not super difficult, but I have a couple of questions:

1) How would it be better to set the "obfuscate" mode to on? Something like
ExtendedStatus in core or by other means?

2) hashing every single IP address with a reasonable function could be good for
a lot of reasons (no need for a shared state to assign the same value to the
same IP over multiple requests, variety in the hashing functions, etc..) but it
could also lead to resources waste while doing hash calculations on busy
servers. Would it be reasonable just to remove the "Client" column from status
and extended status? This concern might be not relevant with modern CPU, but it
is good in my opinion to discuss it.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 59765] provide a way to obfuscate/hash IP addresses

2016-06-27 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=59765

Eric Covener  changed:

   What|Removed |Added

Summary|provide a way to|provide a way to
   |obfuscate/hash email|obfuscate/hash IP addresses
   |addresses   |

--- Comment #1 from Eric Covener  ---
er, IP addresses :(

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 59765] provide a way to obfuscate/hash IP addresses

[Bug 59765] provide a way to obfuscate/hash IP addresses

[Bug 59765] provide a way to obfuscate/hash IP addresses

[Bug 59765] provide a way to obfuscate/hash IP addresses

[Bug 59765] provide a way to obfuscate/hash IP addresses

[Bug 59765] provide a way to obfuscate/hash IP addresses

[Bug 59765] provide a way to obfuscate/hash IP addresses

[Bug 59765] provide a way to obfuscate/hash IP addresses

[Bug 59765] provide a way to obfuscate/hash IP addresses

[Bug 59765] provide a way to obfuscate/hash IP addresses

[Bug 59765] provide a way to obfuscate/hash IP addresses

[Bug 59765] provide a way to obfuscate/hash IP addresses

[Bug 59765] provide a way to obfuscate/hash IP addresses

[Bug 59765] provide a way to obfuscate/hash IP addresses

14 matches

Site Navigation

Mail list logo

Footer information