Re: ip address masking
Hi, On Tue, Feb 13, 2018 at 5:46 PM, Tom wrote: > Hi, > > I'm wondering if anyone has successfully masked ip addresses in nginx > before they are written to a log file. > > I understand there are reasons why you would and would not do this. > > Anyway, my config so far, which I believe works for ipv4 addresses, but > probably on only a few formats of ipv6 addresses. I've used secondary map > directives to append text to the short ip address as I couldn't work out > how to concatenate the variable with text, so concatenated two variables > instead. (Hope that makes sense). > > > log_format ipmask '$remote_addr $ip_anon'; > > map $remote_addr $ip_anon { > default $remote_addr; > "~^(?P[0-9]{1,3}\.[0-9]{1,3}.)(?P.*)" $ipv4$ipv4suffix; > "~^(?P[^:]+:[^:]+)(?P.*$)" '$ipv6 $junkv6'; > } > > map - $ipv4suffix{ > default 0.0; > } > map - $ipv6suffix{ > default XX; > } > server { > listen 8080; > listen [::]:8080; > server_name _; > access_log /tmp/ngn-ip.log ipmask; > allow all; > } > > > Anyone got any thoughts on this? > Thanks > I suspect it might be a bit more efficient to do this with a simple module than trying to play around with more variables, maps, and regular expressions. I hacked together a quick module to do this: https://github.com/p0pr0ck5/ngx_http_ip_mask_module. You could also do the same thing with a little bit of Lua scripting (simply AND-ing off the unwanted bits). I'd guess extending out the same logic for IPv6 wouldn't be too hard, but that's left as an exercise for the reader :p ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: ip address masking
14.02.2018, 16:08, "Alex Samad" :Why not just change the log format to exclude the ip address or put in static ip 1) Would like to be able to use the ip for geoip, even after the visit. Need the IP for this or to use the geoip module within nginx - though I think for maxmind geoip2 the inbuilt module doesn't support it. (There is an external one.)2) The IP address, even partially redacted, is still useful for identifying incoming traffic on occasion.3) I'm also just trying it out to see if it works I believe the ipv4 _expression_ works, although would allow an address outside the legitimate range, e.g. 999.9.9.256, so I'll work on fine tuning it soon. But coming up with a succinct _expression_ for ipv6 addresses is proving beyond me for now. On 14 February 2018 at 12:46, Tomwrote:Hi, I'm wondering if anyone has successfully masked ip addresses in nginx before they are written to a log file. I understand there are reasons why you would and would not do this. Anyway, my config so far, which I believe works for ipv4 addresses, but probably on only a few formats of ipv6 addresses. I've used secondary map directives to append text to the short ip address as I couldn't work out how to concatenate the variable with text, so concatenated two variables instead. (Hope that makes sense). log_format ipmask '$remote_addr $ip_anon'; map $remote_addr $ip_anon { default $remote_addr; "~^(?P[0-9]{1,3}\.[0-9]{1,3}.)(?P.*)" $ipv4$ipv4suffix; "~^(?P[^:]+:[^:]+)(?P.*$)" '$ipv6 $junkv6';} map - $ipv4suffix{ default 0.0;}map - $ipv6suffix{ default XX;}server { listen 8080; listen [::]:8080; server_name _; access_log /tmp/ngn-ip.log ipmask; allow all;} Anyone got any thoughts on this?Thanks___nginx mailing listnginx@nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx,___nginx mailing listnginx@nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: ip address masking
Why not just change the log format to exclude the ip address or put in static ip On 14 February 2018 at 12:46, Tom wrote: > Hi, > > I'm wondering if anyone has successfully masked ip addresses in nginx > before they are written to a log file. > > I understand there are reasons why you would and would not do this. > > Anyway, my config so far, which I believe works for ipv4 addresses, but > probably on only a few formats of ipv6 addresses. I've used secondary map > directives to append text to the short ip address as I couldn't work out > how to concatenate the variable with text, so concatenated two variables > instead. (Hope that makes sense). > > > log_format ipmask '$remote_addr $ip_anon'; > > map $remote_addr $ip_anon { > default $remote_addr; > "~^(?P[0-9]{1,3}\.[0-9]{1,3}.)(?P.*)" $ipv4$ipv4suffix; > "~^(?P[^:]+:[^:]+)(?P.*$)" '$ipv6 $junkv6'; > } > > map - $ipv4suffix{ > default 0.0; > } > map - $ipv6suffix{ > default XX; > } > server { > listen 8080; > listen [::]:8080; > server_name _; > access_log /tmp/ngn-ip.log ipmask; > allow all; > } > > > Anyone got any thoughts on this? > Thanks > > ___ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
ip address masking
Hi, I'm wondering if anyone has successfully masked ip addresses in nginx before they are written to a log file. I understand there are reasons why you would and would not do this. Anyway, my config so far, which I believe works for ipv4 addresses, but probably on only a few formats of ipv6 addresses. I've used secondary map directives to append text to the short ip address as I couldn't work out how to concatenate the variable with text, so concatenated two variables instead. (Hope that makes sense). log_format ipmask '$remote_addr $ip_anon'; map $remote_addr $ip_anon { default $remote_addr; "~^(?P[0-9]{1,3}\.[0-9]{1,3}.)(?P.*)" $ipv4$ipv4suffix; "~^(?P[^:]+:[^:]+)(?P.*$)" '$ipv6 $junkv6';} map - $ipv4suffix{ default 0.0;}map - $ipv6suffix{ default XX;}server { listen 8080; listen [::]:8080; server_name _; access_log /tmp/ngn-ip.log ipmask; allow all;} Anyone got any thoughts on this?Thanks___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx