Bug#978628: apache2: add privacy LogFormats to apache2.conf

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#978628: apache2: add privacy LogFormats to apache2.conf
From: Hans-Christoph Steiner <hans@eds.org>
Date: Tue, 29 Dec 2020 12:59:42 +0100
Message-id: <[🔎] 160924318228.19141.16631915276086840500.reportbug@sova.at.or.at>
Reply-to: Hans-Christoph Steiner <hans@eds.org>, 978628@bugs.debian.org

Source: apache2
Severity: normal

The standard LogFormats log detailed information which falls
under data regulations like the EU's GDPR and California's CCPA.
This merge request adds "privacy" LogFormat options for logging
that cannot be used to identify users.  This has been developed
and used by Tor Project and Guardian Project.

https://guardianproject.info/2017/06/08/tracking-usage-without-tracking-people/
https://gitweb.torproject.org/webstats.git/tree/src/sanitize.py

>From be46c40c32420ab071acce4eadbb9d9eedfc153f Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <eighthave@debian.org>
Date: Tue, 29 Dec 2020 11:53:36 +0000
Subject: [PATCH 1/1] add privacy LogFormats to apache2.conf

The standard LogFormats log detailed information which falls
under data regulations like the EU's GDPR and California's CCPA.
This merge request adds "privacy" LogFormat options for logging
that cannot be used to identify users.  This has been developed
and used by Tor Project and Guardian Project.

https://guardianproject.info/2017/06/08/tracking-usage-without-tracking-people/
https://gitweb.torproject.org/webstats.git/tree/src/sanitize.py
---
 debian/config-dir/apache2.conf.in | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/debian/config-dir/apache2.conf.in b/debian/config-dir/apache2.conf.in
index 72220aab..f9a19fc4 100644
--- a/debian/config-dir/apache2.conf.in
+++ b/debian/config-dir/apache2.conf.in
@@ -206,6 +206,9 @@ AccessFileName .htaccess
 # requested file), because the latter makes it impossible to detect partial
 # requests.
 #
+# The "privacy" format follows the format of the "combined" LogFormat but
+# with Personally Identifiable Information (PII) stripped out.
+#
 # Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
 # Use mod_remoteip instead.
 #
@@ -214,6 +217,9 @@ LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combine
 LogFormat "%h %l %u %t \"%r\" %>s %O" common
 LogFormat "%{Referer}i -> %U" referer
 LogFormat "%{User-agent}i" agent
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+LogFormat "%v:%p 0.0.0.0 - - %{[%d/%b/%Y:00:00:00 %z]}t \"%r\" %>s %O \"%{Referer}i\" \"-\"" vhost_privacy
+LogFormat "0.0.0.0 - - %{[%d/%b/%Y:00:00:00 %z]}t \"%r\" %>s %O \"%{Referer}i\" \"-\"" privacy
 
 # Include of directories ignores editors' and dpkg's backup files,
 # see README.Debian for details.
-- 
2.20.1

Reply to:

Follow-Ups:
- Processed: Re: Bug#978628: Acknowledgement (apache2: add privacy LogFormats to apache2.conf)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: ssl-cert_1.1.0_source.changes ACCEPTED into unstable
Next by Date: Bug#978628: Acknowledgement (apache2: add privacy LogFormats to apache2.conf)
Previous by thread: ssl-cert_1.1.0_source.changes ACCEPTED into unstable
Next by thread: Bug#978628: Acknowledgement (apache2: add privacy LogFormats to apache2.conf)
Index(es):
- Date
- Thread