This object is in archive!
Comply with EU law by anonymizing IP addresses stored in logs in real time
Needs Feedback
The purpose is to comply with law in certain european states to allow a real time anonymization of apache log files.
The IP addresses that are stored in the log files should be optional truncated by the last byte and thereby made anonymous.
Using custom pipes for logging might be a more general solution. Since "Piped Log Configuration" is already there in WHM that could be a way to go.
Another way would be a proxy between every communitcation.
I like this idea 
cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.
Could you please link to/cite the specific law(s) involved? This will help us better identify the extent of what may need to be involved with any product changes to satisfy this feature request.
Something to take note is a feature like this would inherently render many features/products that rely on that IP information useless (unique visitor counts, geoip locations, etc).
Once you provide the explicit laws involved, we'll have a better understanding of what this feature request entails.
Could you please link to/cite the specific law(s) involved? This will help us better identify the extent of what may need to be involved with any product changes to satisfy this feature request.
Something to take note is a feature like this would inherently render many features/products that rely on that IP information useless (unique visitor counts, geoip locations, etc).
Once you provide the explicit laws involved, we'll have a better understanding of what this feature request entails.
Could you please link to/cite the specific law(s) involved? This will help us better identify the extent of what may need to be involved with any product changes to satisfy this feature request.
Something to take note is a feature like this would inherently render many features/products that rely on that IP information useless (unique visitor counts, geoip locations, etc).
Once you provide the explicit laws involved, we'll have a better understanding of what this feature request entails.
Could you please link to/cite the specific law(s) involved? This will help us better identify the extent of what may need to be involved with any product changes to satisfy this feature request.
Something to take note is a feature like this would inherently render many features/products that rely on that IP information useless (unique visitor counts, geoip locations, etc).
Once you provide the explicit laws involved, we'll have a better understanding of what this feature request entails.
The EU law says webhosts have to keep logs for 1 year, I'm not sure how trucating IP addresses will be compatible with this ? I haven't found what law you are talking about but I hope this will not be yet another very difficult restriction to comply to.
The EU law says webhosts have to keep logs for 1 year, I'm not sure how trucating IP addresses will be compatible with this ? I haven't found what law you are talking about but I hope this will not be yet another very difficult restriction to comply to.
Is this a specfic German privacy law ?
http://blog.philippklaus.de/2011/05/modify-apache-logging-to-comply-to-german-privacy-law/
http://www.theregister.co.uk/2011/02/28/german_data_regulators_want_to_tighten_ip_laws/
Is this a specfic German privacy law ?
http://blog.philippklaus.de/2011/05/modify-apache-logging-to-comply-to-german-privacy-law/
http://www.theregister.co.uk/2011/02/28/german_data_regulators_want_to_tighten_ip_laws/
The google analytics case was big in Germany. Data protection authorities passed a resolution at the end of November
2009 that makes the analysis of user behavior, based on the personal
linkage of these data by using their full IP address, only permissible
with the user’s deliberate and explicit consent.
https://www.datenschutz-hamburg.de/uploads/media/GoogleAnalytics_Guidelines_for_Hamburg_01.pdf
Google provided the _anonymizeIp() function which removed the last octet of the IP address
The eff had some insights on that topic:
https://www.eff.org/deeplinks/2010/06/european-officials-google-yahoo-microsoft-breaking-law
There are a few other cases like when you want to prevent logging via apache / apache ssl / php interpreter like suphp. One case are surveys where strict privacy in terms of logging and ip tracking is needed.
The google analytics case was big in Germany. Data protection authorities passed a resolution at the end of November
2009 that makes the analysis of user behavior, based on the personal
linkage of these data by using their full IP address, only permissible
with the user’s deliberate and explicit consent.
https://www.datenschutz-hamburg.de/uploads/media/GoogleAnalytics_Guidelines_for_Hamburg_01.pdf
Google provided the _anonymizeIp() function which removed the last octet of the IP address
The eff had some insights on that topic:
https://www.eff.org/deeplinks/2010/06/european-officials-google-yahoo-microsoft-breaking-law
There are a few other cases like when you want to prevent logging via apache / apache ssl / php interpreter like suphp. One case are surveys where strict privacy in terms of logging and ip tracking is needed.
Replies have been locked on this page!