Module to remove IP from apache2's logs.
C
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
apache1.3
apache2.0
CHANGES
README

README

mod_removeip - remove information about the remote IP

This module throws away the information on the remote IP and
hostname right at the beginning of handling the request.  That means
its not logged, is not available to any web apps, and can't leak
into error logs and the like.

This is written for use on servers with a strict policy on
protecting the identity of their users.  If the Spooks come and
demand that you hand over your server so they can try to identify
one of your users, this should be enough that you can categorically
state that there is no IP info to be found, and might mean your
server doesn't go offline.

There is currently no facility for enabling the module on a per site
or per directory basis.  It's an all or nothing thing.  This is
because the intent is to make sure IP info is not on the server at
all.  If people want more configurability, I might release an
alternative version.

I've included some configuration files as they'd appear on a typical 
debian apache installation.  They may be instructive for other 
distributions.  There's talk of getting a .deb file put together shortly.

Compile and Install for apache 1.3

cd apache1.3
make removeip
make install

Compile and Install for 2.0:

cd apache1.3
make removeip
make install

Configuration Directives:
REMOVEIPenable On
# Enable module.  Nothing happens without this directive.


Author:
Andrew McNaughton <andrew@scoop.co.nz>
Based on code from mod_rpaf by Thomas Eibner <thomas@stderr.net>

License:
Apache License