Feature #103
Change logging config
| Status: | Closed | Start: | ||
| Priority: | Low | Due date: | ||
| Assigned to: | simon | % Done: | 0% |
|
| Category: | Caching | |||
| Target version: | 0.4 - Rebel Yell (2b || !2b) | |||
| Resolution: | fixed |
Description
It's probably desirable to kill ip logging on the box, but I have no idea what impact this would have on other sites currently running. As a side note, quebec imc had its server seized only a few days ago, and had to give up logs which (apparently) contained IPs related to a bunch of posts about people burning cars in Montreal.
History
Updated by simon over 3 years ago
- Status changed from New to Closed
- Resolution set to fixed
Currently Apache doesn't log IP addresses. For VirtualHosts that have "combined-no-ip" as its CustomLog, the IP addresses were removed as well as a bunch of default logging parameters I thought were redundant.
I don't know if Rails logs IP addresses.
The only thing I think this will affect are statistics. If people start spamming we'll have to grab the IP addresses before they get to the log, and set up a blacklisting filter. This isn't too bad, since if the server is seized, authorities will only see the IP addresses we blacklist.
If necessary, /tmp was a 16MB ramdisk before it was filled up. We could re-initialize a ramdisk partition for temporary IP logging that gets wiped after an hour or something. I know they do it with an Apache module in some IMCs, but I don't know the state of this module.