Bug#978628: apache2: add privacy LogFormats to apache2.conf
Source: apache2
Severity: normal
The standard LogFormats log detailed information which falls
under data regulations like the EU's GDPR and California's CCPA.
This merge request adds "privacy" LogFormat options for logging
that cannot be used to identify users. This has been developed
and used by Tor Project and Guardian Project.
https://guardianproject.info/2017/06/08/tracking-usage-without-tracking-people/
https://gitweb.torproject.org/webstats.git/tree/src/sanitize.py
From be46c40c32420ab071acce4eadbb9d9eedfc153f Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <eighthave@debian.org>
Date: Tue, 29 Dec 2020 11:53:36 +0000
Subject: [PATCH 1/1] add privacy LogFormats to apache2.conf
The standard LogFormats log detailed information which falls
under data regulations like the EU's GDPR and California's CCPA.
This merge request adds "privacy" LogFormat options for logging
that cannot be used to identify users. This has been developed
and used by Tor Project and Guardian Project.
https://guardianproject.info/2017/06/08/tracking-usage-without-tracking-people/
https://gitweb.torproject.org/webstats.git/tree/src/sanitize.py
---
debian/config-dir/apache2.conf.in | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/debian/config-dir/apache2.conf.in b/debian/config-dir/apache2.conf.in
index 72220aab..f9a19fc4 100644
--- a/debian/config-dir/apache2.conf.in
+++ b/debian/config-dir/apache2.conf.in
@@ -206,6 +206,9 @@ AccessFileName .htaccess
# requested file), because the latter makes it impossible to detect partial
# requests.
#
+# The "privacy" format follows the format of the "combined" LogFormat but
+# with Personally Identifiable Information (PII) stripped out.
+#
# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
# Use mod_remoteip instead.
#
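Review bot: The added comment says PII is "stripped out" but does not say which fields change, and it names only "privacy" although the patch also defines vhost_privacy. Consider listing what the new formats do: the client address is written as the constant 0.0.0.0, the %l and %u fields as "-", the timestamp is truncated to the day with the time fixed at 00:00:00, and the User-Agent is written as "-". With that in the comment, an administrator can judge the format without decoding the LogFormat string.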
@@ -214,6 +217,9 @@ LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combine
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+LogFormat "%v:%p 0.0.0.0 - - %{[%d/%b/%Y:00:00:00 %z]}t \"%r\" %>s %O \"%{Referer}i\" \"-\"" vhost_privacy
+LogFormat "0.0.0.0 - - %{[%d/%b/%Y:00:00:00 %z]}t \"%r\" %>s %O \"%{Referer}i\" \"-\"" privacy
# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.
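Review bot: Both privacy formats still write \"%r\" and \"%{Referer}i\" unchanged, so query strings and referring URLs, which can carry session tokens, e-mail addresses or search terms, still reach the log even though the comment describes PII as stripped out. Consider replacing \"%r\" with \"%m %U %H\", which keeps the method, path and protocol in the same position but drops the query string, and either replace the Referer field with \"-\" or state in the comment that it is kept. Separately, the vhost_combined line added here is not covered by the commit message, which describes only privacy formats; if the file already defines vhost_combined above this hunk, this line is a redefinition and should be dropped from the patch.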
--
2.20.1