mod_anonstats

An Apache httpd module for web sites log anonymization.

mod_anonstats is a module aimed to be used by admin of servers where users privacy is considered first than any other thing. This module can fully hide the IP address in web server log files replacing it with 127.0.0.1, or can be used in "Hashing" mode, where every IP address is scrambled using an MD5 hashing algorithm.

Hashing mode can be useful if the server uses some statistical analisys software that counts on IP address to distingush between visitors and hits. In this case the same IP is always replaced with the same scrambled hash and the statistics software can still continue to work (anyway, if the stats software gather geographics information from IP, this kind of tracking can't work anymore).

Module usage

Module installation is straightforward, just copy mod_anonstats.so into the apache module folder.

Configuring the module is simple too, the following is a snippet of an example configuration:

LoadModule anonstats_module /usr/lib/apache2/modules/mod_anonstats.so

ASAnonymize Full
ASSaltTimeout 60
ASLockFile /var/run/apache2/mod_anonstats_lockfile
ASShmFile /var/run/apache2/mod_anonstats_salt

The most important directive is ASAnonymize. Possible values for this parameter are: None, Hash, Full; When set to None, no IP anonymization will be performed and log files keeps the real IP address of web site users:

192.168.1.100 - - [22/May/2009:22:53:37 +0200] "GET / HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; U; Linux i686; it; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10"
192.168.1.100 - - [22/May/2009:22:53:37 +0200] "GET / HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; U; Linux i686; it; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10"

Setting the ASAnonymize to Hash tells the module to do a scrambling of IP address. The following log lines refers to the same client of the previous one, but with anonymization active:

169.220.237.176 - - [22/May/2009:14:39:36 +0200] "GET / HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; U; Linux i686; it; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10"
169.220.237.176 - - [22/May/2009:14:39:37 +0200] "GET / HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; U; Linux i686; it; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10"
[...some time later...]
30.16.52.155 - - [22/May/2009:22:43:17 +0200] "GET / HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; U; Linux i686; it; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10"
30.16.52.155 - - [22/May/2009:22:43:18 +0200] "GET / HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; U; Linux i686; it; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10"

as we can see the real IP address is hidden (it was 192.168.1.100 in the example above). In hashing mode, every IP address is mapped with a scrambled one, and this mapping changes every X minutes, where X is the value of ASSaltTimeout parameter.

In Full mode every IP is changed to 127.0.0.1, and the ASSaltTimeout parameters is ignored. In the following log snippet 127.0.0.1 is resolved to "localhost":

localhost - - [22/May/2009:22:59:52 +0200] "GET / HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; U; Linux i686; it; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10"
localhost - - [22/May/2009:22:59:53 +0200] "GET / HTTP/1.1" 200 33 "-" "Mozilla/5.0 (X11; U; Linux i686; it; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10"

ASLockFile and ASShmFile specifies path for a thread lock and shared memory segment needed by mod_anonstats to work. The values written in the example are the default one.

Development

A public Git repository is available at gitorious.org.

Download

The latest stable version is v1.0.

Author

For every question, you can contact me by email (click on the dots to see the complete email).

Cristian Maglie <..........@bug.st>