[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: psuedonymity and apache

> I am interested in finding a way to make apache be pseudo-anonymous in its
> logging.

Personally I use the SetEnvIf and CustomLog directives to achieve areas of
anonymity on my web site. (not to mention the possible performance savings)
Details how to do that are in the apache docs.

If you wanted to get relatively anonymous session-ids placed into your log
files you could use the mod_usertrack's cookies in your CustomLog
delcaration.  (again its in the docs)  The downside is that cookies are
well, cookies, and aren't reliable.  There may be a better module out there
that places a user-tracker token into the environment, that would be
something to look for.

The assumption you're making is that an IP can be traced back to a person,
I'm not going to argue that this assumption is flawed, but what you're
asking for is a way to have your cake (be able to track down abuse to the
source) and eat it too (not store the connection info).  If its
accountability you're trying to avoid no matter what, if you store the IP
anywhere, be it encrypted/seperated or not, you've already lost.  If you
don't want to be able to say connected to /myphatmp3archive/ then
don't log it.  Even then you're probably screwed as your upstream could
conceivably log the activity.  If, on the other hand, you just want to
display your log files to the world sans the detailed connection
information, just post-process them and remove the IP.

Jamie Heilman                   http://audible.transient.net/~jamie/
"Most people wouldn't know music if it came up and bit them on the ass."
                                                        -Frank Zappa

Reply to: