Stopping Drupal from Logging IP Addresses
blindsheep - March 30, 2005 - 10:12
Is there a way to do this? I don't want to disable the watchdog module, just stop it from collecting the ip addresses.
Thanks,
Shawn
User login
Contributor links
- Community initiatives
- Queues
- Play patch bingo!
- Play bug bingo!
- Mailing list archives
- Drupal.org webmasters
- Drupal.org server administrato
rs - Drupal.org CVS applications
- Web links
No, there's no current way
No, there's no current way to do this. Doing so is merely obscurity anyways - the IPs will still be logged in the webserver's log files. Could I ask why you'd like this?
http://disobey.com/
http://gamegrene.com/
I concur
It would be very nice if this was possible. The reason for an admin wanting to do this (disable IP-logging) is really not an issue here, or did I miss something here? I mean, it should be possible to disable just about any type of "feature"; even if the default setting is enabled.
__
~/joho.se; @ the end of a smile, there's a laugh and a 1/2
Feature bloat
Not necessarily. If it does not make sense to disable an option, then it should not be there or it will only complicate the UI unnecessarily.
If you can provide a compelling reason why, we might consider it. But just saying "it should do this" is not good enough.
--
If you have a problem, please search before posting a question.
Protecting Dissidents
Disabling IPs is a way of dealing with political repression. If your website is oriented around "subversive" ideas and attracts a lot of dissidents it's a good idea to consider turning off IPs. If the cops seize your server, they'll have a nice list of dissidents' IPs which could potentially jeapordize a lot of people. Even if they don't seize the servers, they could force the admin to give up the IPs of particular dissidents. If you don't log IPs it provides an extra layer of security against this kind of repression.
Disabling IPs is a way of
Exactly!
I posted this question to Civicspace (http://civicspacelabs.org/home/node/10389#comment-2514) since we have the same problem. While the replies were interesting and helpful, there doesn't seem to be a solution in sight yet.
Our web site is for a global campaign and while we have gone to extraordinary lengths to register for domain name privacy protection service, all some one would need to do is to hack into our CS install and get the IP addresses that have been logged. Since we use a broadband connection, it will take only hours or days before the authorities track us down. I know that one can use proxies, but that is just one additional layer that can be ultimately cracked.
I don't know about Drupal, but I believe that at least CS should come with such security features out of the box.
Correct me if I'm wrong
But, I'm not really sure that Ip are so usefull. In fact (in France, but I think in other country it's the same), you need a court order to ask ISP to reveal the address of the IP owner, so it's quite dificult to obtain such information.
Btw if you really want to disable it, you should have a look into bootstrap.inc line 599 (in Drupal 4.6 RC).
Just replace :
<?phpdb_query("INSERT INTO {watchdog} (uid, type, message, severity, link, location, hostname, timestamp) VALUES (%d, '%s', '%s', %d, '%s', '%s', '%s', %d)", $user->uid, $type, $message, $severity, $link, request_uri(), $_SERVER['REMOTE_ADDR'], time());
?>
by
<?phpdb_query("INSERT INTO {watchdog} (uid, type, message, severity, link, location, timestamp) VALUES (%d, '%s', '%s', %d, '%s', '%s', '%s', %d)", $user->uid, $type, $message, $severity, $link, request_uri(), time());
?>
Now, Drupal will not register anymore IP addresses.
But now you should consider Apache's logs, your router etc... And I don't know how to do it.
Thanks for the Helpful Response
Tostinni,
Thank you for the response, I was able to do what you suggested, but rather than removing '$_SERVER['REMOTE_ADDR'] which creates a syntax error, I simply had to replace it with any bogus string such as '0.0.0.0' which it writes everytime.
I'm aware that unix/linux logging also has to be turned off in order to have the desired effect.
Again, thanks for answering my question in a quick and straight forward manner.
Check your removing
Did you also remove , hostname at the begining of the query ?
Great if it helps you, now if you got some tips for removing the others logs, advise us, it maybe usefull. For apache, have a look in httpd.conf search for LogFormat. For others, well keep looking ;)
Allow nulls for hostname
alter table watchdog modify hostname varchar(128) null;Will let the code that Tostinni provided work.
Uhhh. There are a LOT more
Uhhh. There are a LOT more places to disable IPs than just in Drupal. When folks ask for your logs, they're generally asking for the standard /var/log/, not the logs carried by a custom CMS that they know nothing about. Disabling IP logging in Drupal without disabling it everywhere else is nothing but a paper roof when it's raining ("a paper roof when it's raining"? what the hell?!)
http://disobey.com/
http://gamegrene.com/
Exactly
Yep!
However, there are a few things you can try. Try turning off access logging in your apache installation's conf file or have a cron job that deletes the access log every few minutes. Then modify the watchdog source to not log the ip address.
-- jalbrant.com --
Authorities can get the IPs
Authorities can get the IPs from your hosting service, which probably maintains their own set of logs.
good idea, wrong solution
You have a valid point there about protecting political activists, but turning off ip-logging in the drupal install is not the answer to your problem. As mentioned in various comments on this post: the apache logs contain the information anyway. And ISP's keep logs about which ip queries which server.
If protecting activist is of your concern then please educate them how to protect themselves in general. Write a tutorial on how to install and use tor and teach them how to use anonymous proxy servers. That way the ip that turns up in these logs would be the ip of the end node of the tor network or that of the proxy server and not their own ip...
While you're at it, learn them about pgp or gnupg and gaim-otr or scatterchat.
As for the drupal part, you might want to try to install an SSL certificate on the sever so people can communicate with your website using ssl. I don't know if this is easy to do nor how to do it, but you could try and ask for help on how to do that: open source people are generally very friendly ;)
Michael Cox
Studiekring Vrij Onderzoek
Disabling IP Logging
Drupal logs IP addresses in several places. It's important to disable them all if you wish to preserve the anonymity of your users.
A good way to start the search for possible "IP Address Leaks" is by using Unix `grep` to find every place Drupal references the $_SERVER['REMOTE_ADDR'] variable.
$ cd /var/www/drupalsite$ grep -r REMOTE_ADDR .
On our installation, REMOTE_ADDR is used in:
includes/bootstrap.incincludes/session.inc
includes/common.inc
modules/poll.module
modules/statistics.module
modules/comment.module
In each of these files, the client's REMOTE_ADDR is inserted into the database. The same process can be used to "scrub" all of these files... for example, session.inc's sess_read() function can be edited as such:
function sess_read($key) {
global $user;
$result = db_query_range("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '%s' AND u.status < 3", $key, 0, 1);
if (!db_num_rows($result)) {
# uncomment this line to enable IP logging
#db_query("INSERT INTO {sessions} (sid, uid, hostname, timestamp) VALUES ('%s', 0, '%s', %d)", $key, $_SERVER["REMOTE_ADDR"], time());
# comment this line to enable IP logging
db_query("INSERT INTO {sessions} (sid, uid, hostname, timestamp) VALUES ('%s', 0, '%s', %d)", $key, '0.3.2.1', time());
$result = db_query("SELECT u.* FROM {users} u WHERE u.uid = 0");
}
Note that some functionality may be compromised by this process; from Drupal's perspective, every user shares the same IP address. In particular, the contact module implements a flood control mechanism which uses User/IP combination to key activities to individual users.
Why not just hack
Why not just hack settings.php:
$_SERVER['REMOTE_ADDR']='0.0.0.0';--------------------- WEBg8 ---------------------
For sites stopping Apache from logging, we need Drupal to stop
For Indymedia and other public-participation sites that want to have no chance of abetting the prosecution or arrest of a user for speech, I think this option is very worth getting in core.
The alternative is to make a custom module that wipes these clean but given all the places IPs seem to be being logged, at minimum we need an awareness of this issue among core and contrib developers to help track them down. Better would be to build in the no-IP-logging option.
Thoughts for next steps?
~ben
Agaric Design Collective :: http://AgaricDesign.com/ :: Open Source Web Development
Issue Posted
Issue posted here (against 6.x).
~ben
People Who Give a Damn :: http://pwgd.org/ :: Building the infrastructure of a network for everyone
Agaric Design Collective :: http://AgaricDesign.com/ :: Open Source Web Development
It's trivial to stop apache
It's trivial to stop apache from logging IP addresses -- just leave the remote host (%h) out of the log file format definition, e.g.
LogFormat "%l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedPersonally, what I have been doing is periodically scrubbing the drupal database of IP addresses. But, some may find a log configuration option to be preferable.
Do you have a script or module to scrub the drupal database?
Drupal gets the IP addresses quite apart from the Apache log, no?
In any case I hear from the Indymedia Worcester group that Akismet, for one, gets flaky without IP addresses, so for a site that has to allow anonymous content but cannot allow IP logging of its users (the classic Indymedia setup), the settings.php hack to set all IP addresses to naught is not a practical solution.
Constant scrubbing looks like the best approach to help protect users from intrusion of their privacy.
Really, though, it should be an option to simply tell Drupal core, at least, not to log IP addresses in the first place.
~ben
People Who Give a Damn :: http://pwgd.org/ :: Building the infrastructure of a network for everyone
Agaric Design Collective :: http://AgaricDesign.com/ :: Open Source Web Development
It's only been a year
I found time to clean it up and post it: http://drupal.org/project/ip_anon
I haven't actually put it in use so please report any bugs/feature requests.
some info
hi ,
For apache 2 there is a module for apache If i remember good it's called mod_remove-ip ; then IPs can't be logged anymore by drupal ;) more information can be found : http://dev.riseup.net/privacy/apache/ , & here http://docs.indymedia.org/view/Sysadmin/ApacheLogsWithoutIPs ,
If you want to just annonymize drupal then you can find some solutions here http://docs.indymedia.org/view/Global/AnonymizingDrupal however I found the suggestment given by imc (to replace ip addresses by time more useful as spam filters can work without blocking all the users ;) ) ...