Masking IP-Addresses on logging?

Nick Pearson nick.pearson at
Thu Feb 18 17:25:32 MSK 2010

It's humorous when politicians try to regulate the openness of the
Internet.  Well, at least until it starts affecting you in ways like

You can change the log format with something like this:

  server {
    log_format  no_ip  ' - no-user [$time_local]  '
                       '"$request" $status $body_bytes_sent '
                       '"$http_referer" "$http_user_agent"';
    access_log  logs/access.log  no_ip;

See also

Note that in my example, I still write out a bogus IP (normally
$remote_addr) and "no-user" (normally $remote_user, which I'm guessing
might be problematic for you as well) so that existing log parsers
won't trip on your new format.

As for analytics software, you should still be able to use it without
any problem -- you'll just lose the location info that's normally
determined based on the IP.  If you want to keep that, you should be
able to use the geo module and write the country code (or lat/long
maybe?) to your log file as long as your analytics package can parse
and properly handle the extra data.

On Thu, Feb 18, 2010 at 6:39 AM, ts77 <nginx-forum at> wrote:
> Hey there,
> some of you might know that storing full ip addresses in germany is getting more tricky every day and considered a legal problem.
> Is there any way to store masked ip addresses in access logs with nginx while retaining the possibility to use web analytics software?
> thanks,
> thomas
> Posted at Nginx Forum:,55369,55369#msg-55369
> _______________________________________________
> nginx mailing list
> nginx at

More information about the nginx mailing list