Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
How to disable logging of ip addresses?
tomx
New
The forum logs the ip address of every user. Is it possible to disable this behavior?
thanks in advance,
Tom
0
Comments
Oh, and btw - the forum logs for some users 0.0.0.2, which happens in cases when they login via ipv6. I think this is a bug.
Re: 0.0.0.2, see this post:
https://open.vanillaforums.com/discussion/comment/252084/#Comment_252084
Thx, and what about disabling?
Sorry, I don't know about that. Hopefully a code guru will see this at some point, and let you know if it is an easy option to change.
The IP is fetched with methods from the Request class that you cannot mess around it. You could run some PHP code to change the $_SERVER environment in /conf/bootstrap.before.php but that is pointless.
Your server logs all IP addresses and passes them over to PHP. If you want to grant your users that their IP is not logged, you should use apaches
SetEnvanddontlogfeatures to never show any "real" IP. I don't think it will be a problem if all users are coming from one IP address, but you would have to give that a short try before you go into production with such a tweak.I'd be interested in further discussing a change to Vanilla's core that disabled IP collection optionally. I've started an issue here: https://github.com/vanilla/vanilla/issues/7111
Please recognize that the timeline for something like this is likely "next year or beyond", not something I can do real quick before 2.7 or something. IP addresses are a foundational assumption in the software so I'm mildly terrified at the idea of how much work this could potentially be.
@tomx: Are you looking into this because of the upcoming European GDPR-regulations?
Hi..
Yes, this is a huge matter in EU Countrys... it seems like everybody is in panic, due to possible draconic penalties..
I think I killed almost all IP loggings on my server... left is just Vanilla...
Is there a way to hard code something like 0.0.0.0. instead of the real IP?
@Dr_Sommer: Why? You are not supposed to do so.
As I've said before: doing this on the PHP level is the wrong approach since client/server communication is handled on the server. The moment the IP is handled from the server over to the script is where you have failed if you want to grant maximum anonymity.
But I never was a fan of only questioning people and telling them they are using the wrong approach. If I can, I show how to follow that wrong path
In this case, I would assume it is enough to patch
class.request.php. Line 757 shows following code:$ip = forceIPv4($ip); $this->_environmentElement('ADDRESS', $ip);Changing it to
$ip = forceIPv4('77.87.229.76'); $this->_environmentElement('ADDRESS', $ip);should make your server believe that every user has the same IP like the Bundesamt für Sicherheit in der Informationstechnik
Beware! Some scripts might use the IP to differentiate between users, which would be wrong. And if you like to use an IP that is reserved for localhost or local networks, you might open your forum up for security issues.
@Rj. Sooo... as usual, I think it should be easy and the truth is the opposite??
Okee.... hmm.... I`m going with the patching, so I have enough Time in the future to look into your 1st suggestion...
p.s.: Its working!!
And nice Touch with the IP Number, RJ...
