ip address masking

[Robert Paprocki]

Hi,

On Tue, Feb 13, 2018 at 5:46 PM, Tom <tom at keepschtum.win> wrote:

> Hi,
>
> I'm wondering if anyone has successfully masked ip addresses in nginx
> before they are written to a log file.
>
> I understand there are reasons why you would and would not do this.
>
> Anyway, my config so far, which I believe works for ipv4 addresses, but
> probably on only a few formats of ipv6 addresses. I've used secondary map
> directives to append text to the short ip address as I couldn't work out
> how to concatenate the variable with text, so concatenated two variables
> instead. (Hope that makes sense).
>
>
> log_format ipmask '$remote_addr $ip_anon';
>
> map $remote_addr $ip_anon {
>   default $remote_addr;
>   "~^(?P<ipv4>[0-9]{1,3}\.[0-9]{1,3}.)(?P<junkv4>.*)" $ipv4$ipv4suffix;
>   "~^(?P<ipv6>[^:]+:[^:]+)(?P<junkv6>.*$)" '$ipv6 $junkv6';
> }
>
> map - $ipv4suffix{
>  default 0.0;
> }
> map - $ipv6suffix{
>   default XX;
> }
> server {
>   listen 8080;
>   listen [::]:8080;
>   server_name _;
>   access_log /tmp/ngn-ip.log ipmask;
>   allow all;
> }
>
>
> Anyone got any thoughts on this?
> Thanks
>

I suspect it might be a bit more efficient to do this with a simple module
than trying to play around with more variables, maps, and regular
expressions. I hacked together a quick module to do this:
https://github.com/p0pr0ck5/ngx_http_ip_mask_module. You could also do the
same thing with a little bit of Lua scripting (simply AND-ing off the
unwanted bits). I'd guess extending out the same logic for IPv6 wouldn't be
too hard, but that's left as an exercise for the reader :p
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180215/9e1caf6e/attachment.html>