IP address anonymizer for Ruby and Rails
Branch: master
Clone or download
Latest commit bbcbbce Sep 28, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
lib Revert "Enforce secure key generation" Sep 28, 2018
test Revert "Enforce secure key generation" Sep 28, 2018
.gitignore Added Gemfile.lock to .gitignore [skip ci] May 6, 2018
.travis.yml First commit May 6, 2018
CHANGELOG.md Revert "Enforce secure key generation" Sep 28, 2018
Gemfile First commit May 6, 2018
LICENSE.txt Added last name to license [skip ci] May 6, 2018
README.md Fixed highlighting [skip ci] Jul 24, 2018
Rakefile
ip_anonymizer.gemspec And Rails [skip ci] May 6, 2018

README.md

IP Anonymizer

🌎 IP address anonymizer for Ruby and Rails

Works with IPv4 and IPv6

Designed to help with GDPR compliance

Build Status

Getting Started

Add these lines to your application’s Gemfile:

gem 'ip_anonymizer'

There are two strategies for anonymizing IPs.

Masking

This is the approach Google Analytics uses for IP anonymization:

  • For IPv4, set the last octet to 0
  • For IPv6, set the last 80 bits to zeros
IpAnonymizer.mask_ip("8.8.4.4")
# => "8.8.4.0"

IpAnonymizer.mask_ip("2001:4860:4860:0:0:0:0:8844")
# => "2001:4860:4860::"

An advantange of this approach is geocoding will still work, only with slightly less accuracy. A potential disadvantage is different IPs will have the same mask (8.8.4.4 and 8.8.4.5 both become 8.8.4.0).

Hashing

Transform IP addresses with a keyed hash function (PBKDF2-HMAC-SHA256).

IpAnonymizer.hash_ip("8.8.4.4", key: "secret")
# => "6.128.151.207"

IpAnonymizer.hash_ip("2001:4860:4860:0:0:0:0:8844", key: "secret")
# => "f6e4:a4fe:32dc:2f39:3e47:84cc:e85e:865c"

An advantage of this approach is different IPs will have different hashes (with the exception of collisions).

Make sure the key is kept secret and at least 30 random characters. Otherwise, a rainbow table can be constructed. You can generate a good key with:

SecureRandom.hex(32)

Rails

Automatically anonymize request.remote_ip in Rails.

For masking, add to config/application.rb:

config.middleware.insert_after ActionDispatch::RemoteIp, IpAnonymizer::MaskIp

For hashing, use:

config.middleware.insert_after ActionDispatch::RemoteIp, IpAnonymizer::HashIp, key: "secret"

Related Projects

  • Logstop - Keep personally identifiable information (PII) out of your logs

History

View the changelog

Contributing

Everyone is encouraged to help improve this project. Here are a few ways you can help:

To get started with development and testing:

git clone https://github.com/ankane/ip_anonymizer.git
cd ip_anonymizer
bundle install
rake test