
How to disable logging of IP addresses?

The forum logs the IP address of every user. Is it possible to disable this behavior?

thanks in advance,
Tom

Comments

  • Oh, and btw - the forum logs for some users 0.0.0.2, which happens in cases when they log in via IPv6. I think this is a bug.

  • Thx, and what about disabling?

  • Sorry, I don't know about that. Hopefully a code guru will see this at some point, and let you know if it is an easy option to change.

  • R_J Admin

    The IP is fetched with methods from the Request class that you cannot mess around with. You could run some PHP code to change the $_SERVER environment in /conf/bootstrap.before.php but that is pointless.

    Your server logs all IP addresses and passes them over to PHP. If you want to grant your users that their IP is not logged, you should use Apache's SetEnv and dontlog features to never show any "real" IP. I don't think it will be a problem if all users are coming from one IP address, but you would have to give that a short try before you go into production with such a tweak.

  • Linc Admin
    edited April 2018

    I'd be interested in further discussing a change to Vanilla's core that disabled IP collection optionally. I've started an issue here: https://github.com/vanilla/vanilla/issues/7111

    Please recognize that the timeline for something like this is likely "next year or beyond", not something I can do real quick before 2.7 or something. IP addresses are a foundational assumption in the software so I'm mildly terrified at the idea of how much work this could potentially be.

  • @tomx: Are you looking into this because of the upcoming European GDPR-regulations?

  • Hi..
    Yes, this is a huge matter in EU countries... it seems like everybody is in panic, due to possible draconian penalties.. :open_mouth:

    I think I killed almost all IP loggings on my server... left is just Vanilla... :open_mouth:
    Is there a way to hard code something like 0.0.0.0. instead of the real IP?

  • R_J Admin

    @Dr_Sommer: Why? You are not supposed to do so.

    As I've said before: doing this on the PHP level is the wrong approach since client/server communication is handled on the server. The moment the IP is handed over from the server to the script is where you have failed if you want to grant maximum anonymity.

    But I never was a fan of only questioning people and telling them they are using the wrong approach. If I can, I show how to follow that wrong path :wink:

    In this case, I would assume it is enough to patch class.request.php. Line 757 shows the following code:

            $ip = forceIPv4($ip);
            $this->_environmentElement('ADDRESS', $ip);
    

    Changing it to

            $ip = forceIPv4('77.87.229.76');
            $this->_environmentElement('ADDRESS', $ip);
    

    should make your server believe that every user has the same IP as the Bundesamt für Sicherheit in der Informationstechnik.

    Beware! Some scripts might use the IP to differentiate between users, which would be wrong. And if you like to use an IP that is reserved for localhost or local networks, you might open your forum up for security issues.

  • @Rj. Sooo... as usual, I think it should be easy and the truth is the opposite?? :lol::lol::lol:

    Okee.... hmm.... I'm going with the patching, so I have enough time in the future to look into your 1st suggestion... :+1::lol::+1:

  • p.s.: It's working!! :heart:

    And nice touch with the IP number, RJ... :lol::+1:
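
The server-level approach R_J points to in his first reply, as an added example that is not part of the thread: an Apache 2.4 logging configuration with the stock format beside one that never writes the client address. The log path, the `common_noip` nickname and the robots.txt rule are assumptions; this covers only Apache's own log files, and the address still reaches PHP as `$_SERVER['REMOTE_ADDR']`.

```apache
# Added example (not from the thread). Paths and nicknames are assumptions.

# Before: the stock "common" format. %h is the client address, so every
# request line in the access log starts with the visitor's IP.
#   LogFormat "%h %l %u %t \"%r\" %>s %b" common
#   CustomLog "logs/access_log" common

# After: the same fields with a literal "-" where %h used to be.
# Log parsers that expect the common layout still find each field in place.
LogFormat "- %l %u %t \"%r\" %>s %b" common_noip

# "dontlog" is the conditional-logging pattern: a request that sets the
# variable is skipped entirely by any CustomLog carrying env=!dontlog.
SetEnvIf Request_URI "^/robots\.txt$" dontlog

CustomLog "logs/access_log" common_noip env=!dontlog

# The error log is configured separately. The default ErrorLogFormat
# includes "[client %a]"; this format leaves %a out.
ErrorLogFormat "[%{u}t] [%-m:%l] [pid %P:tid %T] %M"
```

After reloading Apache, check both the access log and the error log for client addresses, and confirm no other `CustomLog` or `LogFormat` line in a virtual host still uses `%h` or `%a`.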
