httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 59765] provide a way to obfuscate/hash IP addresses
Date Sat, 23 Jul 2016 14:37:41 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=59765

--- Comment #8 from William A. Rowe Jr. <wrowe@apache.org> ---
https://lists.apache.org/thread.html/c4d7a66ca113727a1eb3f2fc3e17e367e08cd38a7fc36d5a252422df@1443710720@%3Csite-dev.apache.org%3E

I'd done this without patching mod_status...

<Location /server-status>
  SetHandler server-status
  <If "%{CONN_REMOTE_ADDR} != '127.0.0.1'">
    SetOutputFilter Sed OutputSed "s#<td>[^<]*</td><td
nowrap>#<td>redacted</td><td nowrap>#g"
  </If>
</Location>

This provides no client IP, unless a trusted service (e.g. the host itself) is
inspecting the output.

The issue with hashing the IP is that it is reasonably reversible, being only
one DWORD of data (excepting IPv6). The salt can be ascertained by examining
the salt applied to the requester's own entry in the status output.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message