Welcome! Log In Create A New Profile

Advanced

Re: (draft) Privacy by design - offer more convenient way to anonymize IPs in access log by default

Christian Theune
September 22, 2020 02:56AM
Hi,

Thanks for that input!

> On 22. Sep 2020, at 08:42, Hung Nguyen <hungnv@opensource.com.vn> wrote:
>
> Hi Christian,
>
> In my opinion your use case (GDPR) is not widely used, since Nginx offers developer number of ways to change nginx behaviour and add more feature other than default, you should consider to write your own module to archive what you want

Interesting. Technically one can currently make a single nginx config that is GDPR compliant WRT IP logging. However, it’s AFAICT impossible to set up nginx in a way so that delegating virtual host configuration to another party doesn’t automatically lead to accidents (we weren’t able to avoid accidents even without delegation).

I was surprised that there is no way to change the default logging format reliably - and this could be an alternative path more relevant to the core with two options that I see:

1. allow redefining the ‘combined’ log format, or
2. allow explicitly setting another format as default (might be easier when I look at the current structure)

Having the anonymized IP as a separate value (remote_addr_anon) could easily be extracted into a separate module but maybe its so lightweight that adding it to the core makes sense as well. We originally did it purely using maps, my gut feeling tells me that that’s much slower but we don’t have any evidence of it making a significant impact at our traffic levels.

I would have thought that GDPR would be more relevant as nginx is so widely spread and privacy compliance has been such a big topic in Europe over the last years … Googling for “nginx gdpr” gives “only” 833k results. Not nothing but I kind of expected a larger result set.

Cheers,
Christian

--
Christian Theune · ct@flyingcircus.io · +49 345 219401 0
Flying Circus Internet Operations GmbH · http://flyingcircus.io
Leipziger Str. 70/71 · 06108 Halle (Saale) · Deutschland
HR Stendal HRB 21169 · Geschäftsführer: Christian Theune, Christian Zagrodnick

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

(draft) Privacy by design - offer more convenient way to anonymize IPs in access log by default

Christian Theune 600 September 16, 2020 11:30AM

Re: (draft) Privacy by design - offer more convenient way to anonymize IPs in access log by default

Christian Theune 333 September 16, 2020 03:22PM

Re: (draft) Privacy by design - offer more convenient way to anonymize IPs in access log by default

Christian Theune 309 September 22, 2020 02:32AM

Re: (draft) Privacy by design - offer more convenient way to anonymize IPs in access log by default

Hung Nguyen 297 September 22, 2020 02:44AM

Re: (draft) Privacy by design - offer more convenient way to anonymize IPs in access log by default

Christian Theune 326 September 22, 2020 02:56AM

Re: (draft) Privacy by design - offer more convenient way to anonymize IPs in access log by default

itpp2012 674 September 22, 2020 03:20AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 283
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready