Re: ip address masking

2018-02-15 Thread Robert Paprocki 
Hi,

On Tue, Feb 13, 2018 at 5:46 PM, Tom  wrote:

> Hi,
>
> I'm wondering if anyone has successfully masked ip addresses in nginx
> before they are written to a log file.
>
> I understand there are reasons why you would and would not do this.
>
> Anyway, my config so far, which I believe works for ipv4 addresses, but
> probably on only a few formats of ipv6 addresses. I've used secondary map
> directives to append text to the short ip address as I couldn't work out
> how to concatenate the variable with text, so concatenated two variables
> instead. (Hope that makes sense).
>
>
> log_format ipmask '$remote_addr $ip_anon';
>
> map $remote_addr $ip_anon {
>   default $remote_addr;
>   "~^(?P[0-9]{1,3}\.[0-9]{1,3}.)(?P.*)" $ipv4$ipv4suffix;
>   "~^(?P[^:]+:[^:]+)(?P.*$)" '$ipv6 $junkv6';
> }
>
> map - $ipv4suffix{
>  default 0.0;
> }
> map - $ipv6suffix{
>   default XX;
> }
> server {
>   listen 8080;
>   listen [::]:8080;
>   server_name _;
>   access_log /tmp/ngn-ip.log ipmask;
>   allow all;
> }
>
>
> Anyone got any thoughts on this?
> Thanks
>

I suspect it might be a bit more efficient to do this with a simple module
than trying to play around with more variables, maps, and regular
expressions. I hacked together a quick module to do this:
https://github.com/p0pr0ck5/ngx_http_ip_mask_module. You could also do the
same thing with a little bit of Lua scripting (simply AND-ing off the
unwanted bits). I'd guess extending out the same logic for IPv6 wouldn't be
too hard, but that's left as an exercise for the reader :p
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: ip address masking

2018-02-13 Thread Tom 
  14.02.2018, 16:08, "Alex Samad" :Why not just change the log format to exclude the ip address or put in static ip  1) Would like to be able to use the ip for geoip, even after the visit. Need the IP for this or to use the geoip module within nginx - though I think for maxmind geoip2 the inbuilt module doesn't support it. (There is an external one.)2) The IP address, even partially redacted, is still useful for identifying incoming traffic on occasion.3) I'm also just trying it out to see if it works I believe the ipv4 _expression_ works, although would allow an address outside the legitimate range, e.g. 999.9.9.256, so I'll work on fine tuning it soon. But coming up with a succinct _expression_ for ipv6 addresses is proving beyond me for now. On 14 February 2018 at 12:46, Tom  wrote:Hi, I'm wondering if anyone has successfully masked ip addresses in nginx before they are written to a log file. I understand there are reasons why you would and would not do this. Anyway, my config so far, which I believe works for ipv4 addresses, but probably on only a few formats of ipv6 addresses. I've used secondary map directives to append text to the short ip address as I couldn't work out how to concatenate the variable with text, so concatenated two variables instead. (Hope that makes sense).  log_format ipmask '$remote_addr $ip_anon'; map $remote_addr $ip_anon {  default $remote_addr;  "~^(?P[0-9]{1,3}\.[0-9]{1,3}.)(?P.*)" $ipv4$ipv4suffix;  "~^(?P[^:]+:[^:]+)(?P.*$)" '$ipv6 $junkv6';} map - $ipv4suffix{ default 0.0;}map - $ipv6suffix{  default XX;}server {  listen 8080;  listen [::]:8080;  server_name _;  access_log /tmp/ngn-ip.log ipmask;  allow all;}  Anyone got any thoughts on this?Thanks___nginx mailing listnginx@nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx,___nginx mailing listnginx@nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: ip address masking

2018-02-13 Thread Alex Samad 
Why not just change the log format to exclude the ip address or put in
static ip

On 14 February 2018 at 12:46, Tom  wrote:

> Hi,
>
> I'm wondering if anyone has successfully masked ip addresses in nginx
> before they are written to a log file.
>
> I understand there are reasons why you would and would not do this.
>
> Anyway, my config so far, which I believe works for ipv4 addresses, but
> probably on only a few formats of ipv6 addresses. I've used secondary map
> directives to append text to the short ip address as I couldn't work out
> how to concatenate the variable with text, so concatenated two variables
> instead. (Hope that makes sense).
>
>
> log_format ipmask '$remote_addr $ip_anon';
>
> map $remote_addr $ip_anon {
>   default $remote_addr;
>   "~^(?P[0-9]{1,3}\.[0-9]{1,3}.)(?P.*)" $ipv4$ipv4suffix;
>   "~^(?P[^:]+:[^:]+)(?P.*$)" '$ipv6 $junkv6';
> }
>
> map - $ipv4suffix{
>  default 0.0;
> }
> map - $ipv6suffix{
>   default XX;
> }
> server {
>   listen 8080;
>   listen [::]:8080;
>   server_name _;
>   access_log /tmp/ngn-ip.log ipmask;
>   allow all;
> }
>
>
> Anyone got any thoughts on this?
> Thanks
>
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

ip address masking

2018-02-13 Thread Tom 
Hi, I'm wondering if anyone has successfully masked ip addresses in nginx before they are written to a log file. I understand there are reasons why you would and would not do this. Anyway, my config so far, which I believe works for ipv4 addresses, but probably on only a few formats of ipv6 addresses. I've used secondary map directives to append text to the short ip address as I couldn't work out how to concatenate the variable with text, so concatenated two variables instead. (Hope that makes sense).  log_format ipmask '$remote_addr $ip_anon'; map $remote_addr $ip_anon {  default $remote_addr;  "~^(?P[0-9]{1,3}\.[0-9]{1,3}.)(?P.*)" $ipv4$ipv4suffix;  "~^(?P[^:]+:[^:]+)(?P.*$)" '$ipv6 $junkv6';} map - $ipv4suffix{ default 0.0;}map - $ipv6suffix{  default XX;}server {  listen 8080;  listen [::]:8080;  server_name _;  access_log /tmp/ngn-ip.log ipmask;  allow all;}  Anyone got any thoughts on this?Thanks___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx