I'm not sure if this feature request should be posted here ore elsewhere?
According to German legislation it is illegal to store IP addresses, because they are treated as personal data.
Google is providing the method _anonymizeIP() which replaces the last octet of the IP address by asterisk.
I applied the following modification to bootstrap.inc as a temporary fix and it works since months w/o any problem under D6 and D7:
$_SERVER['REMOTE_ADDR'] = substr( $_SERVER['REMOTE_ADDR'], 0, strrpos( $_SERVER['REMOTE_ADDR'], '.') + 1 ) . '*';
But I dislike modifications to the standard Drupal code ;-)

Comments

mfb’s picture

As far as I can tell, settings.php always executes before ip_address() is called, initializing the $ip_address static variable. Thus you should be able to use this snippet in settings.php, where you are not modifying Drupal code.

mfb’s picture

Status: Active » Closed (works as designed)

The only problem with this code snippet is that it breaks Drupal core's flood control (all login attempts, contact form submissions, etc. appear to be on one IP address), so is not recommended unless you know what you're doing :)

owen barton’s picture

There is a patch at http://drupal.org/node/126197#comment-6091310 that takes this approach, but breaks flood control in the opposite direction (i.e. stops it triggering rather than blocking all users) by giving all users a random IP for each request.

mfb’s picture

I just uploaded Cryptolog module - https://drupal.org/project/cryptolog - which replaces $_SERVER['REMOTE_ADDR'] with a Base64-encoded HMAC of the IP address, using a random salt which is stored in memory and regenerated each day.

It of course needs to be executed in early bootstrap, but I packaged it as a module so it can be updated. It is enabled by adding $conf['cache_backends'][] = 'sites/all/modules/cryptolog/cryptolog.inc'; at the bottom of settings.php.

Codenext’s picture

Issue summary: View changes

@mfb

Hi, Addressing to Comment#4,

In your comment you have mentioned,

It of course needs to be executed in early bootstrap, but I packaged it as a module so it can be updated. It is enabled by adding $conf['cache_backends'][] = 'sites/all/modules/cryptolog/cryptolog.inc'; at the bottom of settings.php.

Could you please let us know that, do we need to use this line after installing cryptolog module. Or just we need to install module enable it and it is good to go. I'm using it in Drupal 8 site.

Much Thanks,

mfb’s picture

@Codenext cryptolog module should work fine on Drupal 8 by simply installing it. The settings.php file tweak was only necessary in Drupal 7.

Codenext’s picture

@mfb Thanks for information and clarification, much appreciated, sorry for late reply, was away from internet.