anonymizeip and banning

21 May 2018, 14:20
In view of the GDPR that will be in effect in the EU in less than a week, I'd like to anonymize the IP in Hiawatha's log files using the anonymizeIP =yes directive. However, I wonder if the ban options are still effective in this case. If the IP is anonymized, how does Hiawatha know which IP to ban?
Hugo Leisink
21 May 2018, 17:10
The AnonymizeIP only affects the output of IP's in the logfiles. I already planned to write a weblog article about Hiawatha and the GDPR. Will be published soon.
21 May 2018, 17:22
Can't wait to read it! Until then, thanks a lot for both the rapid reply and (of course) Hiawatha. I'll go ahead then with anonymizing the IPs.
And I can't figure out how you do that....fail2ban, for example, needs actual IPs in the logs or it won't work. Well, I guess you'll tell us in the forthcoming article.
Hugo Leisink
22 May 2018, 07:47
I've published the weblog article about Hiawatha and the GDPR.
22 May 2018, 19:53
Thanks, Hugo. I've left a comment there.

It's too bad you didn't include the information that the anonymize option does not affect Hiawatha's banning features. It may be obvious to you, to most people will rather be familiar with tools such as fail2ban, which is crippled if the webserver writes anonymized IPs to the log. Well, perhaps it is obvious, since fail2ban does not get the page request, and thus has no way of getting the IP other than from the log, but I still think it would be worth to mention.
This topic has been closed.