Apache

Unlike most daemons, apache allows you to create a custom log format. Unfortunately, you cannot do this for error logs. Often, a web site will have a missing image (or favicon!), which will result in the IP of every visitor getting logged.

No good!

This page presents three solutions for this. For a more detailed discussion see the indymedia apache logging page.

mod_removeip

Andrew McNaughton wrote an apache module to disable IP logging, including code storing IP info in databases. This means that if you go to phpinfo.php you will see the REMOTE_ADDR as “localhost” for all connections. All logging in PHP apps will see the connection as being similarly addressed. This is better than just tweaking the apache logformat as it includes everything across the board, it will also stop all web applications (such as drupal) from storing things in its database. This works for both apache1 and apache2. At the moment it implements this policy for everything, and cannot be enabled or disabled per virtual hosts.

If you are using debian, mod_removeip is available in etch and sid:

for apache1.3:

apt-get install libapache-mod-removeip

for apache2:

apt-get install libapache2-mod-removeip

The development repository where you can get the original source from is available here.

NOTE: As mod_removeip overwrites the IP address on the environment variables set by Apache, whatever accesses this REMOTE_ADDR environment variable will be returned ‘localhost’. This should be the case for all other Apache modules and processes initiated via CGI.

As such, any attempts to use IP address methods to block access will fail (as long as they rely on REMOTE_ADDR – which all I know of do).

Using IP address based filtering is not suitable for organizations that wish to maintain a strict site policy of no logging, such as Indymedia, other means of filtering are available and should be used instead. Please see thread "Preventing HTTP based spam by Captchas and content filters" on imc-tech.

use syslog-ng-anon

If you are using syslog ng anon, you can simply pipe log messages to logger, and let syslog-ng remove the IPs:

set these values in /etc/apache/httpd.conf:

LogFormat "%v \"%r\" %>s %b \"%{Referer}i\"" privacy_format
CustomLog "| logger -t apache -p daemon.info" privacy_format
ErrorLog "| logger -t apache -p daemon.err" 

put this in /etc/syslog-ng/syslog-ng.conf:

filter f_strip { strip(ips); };
filter f_apache { program("apache") and level(info); };
destination d_apache { file("/var/log/apache/access.log"); };
log {
    source(s_all);
    filter(f_apache);
    filter(f_strip);
    destination(d_apache);
    flags(final);
};

filter f_apache_err { program("apache") and level(err); };
destination d_apache_err { file("/var/log/apache/error.log"); };
log {
    source(s_all);
    filter(f_apache_err);
    filter(f_strip);
    destination(d_apache_err);
    flags(final);
};

patch apache

Alternatively, JB has provided the following simple patch that can be applied to src/main/http_log.c

                                                                                 
     if (r) {                                                                   
         /* XXX: TODO: add a method of selecting whether logged client          
          * addresses are in dotted quad or resolved form... dotted             
          * quad is the most secure, which is why I'm implementing it           
          * first. -djg                                                         
          */                                                                    
         len += ap_snprintf(errstr + len, sizeof(errstr) - len,                 
*                 "[client %s] ", r->connection->remote_ip);                     
+                 "[client 0.0.0.0] ");                     
     }