[tor-bugs] #2489 [Website]: Set up new web server logging and log analysis infrastructure
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Feb 4 09:32:23 UTC 2011
#2489: Set up new web server logging and log analysis infrastructure
-------------------------+--------------------------------------------------
Reporter: karsten | Owner: phobos
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Website | Version:
Keywords: | Points:
Parent: |
-------------------------+--------------------------------------------------
Comment(by rransom):
Replying to [ticket:2489 karsten (quoting phobos)]:
> 7. referrers (sanitized if it includes PII)
> 8. search engines, keyphrases and keywords
Search queries and other 'Referer' strings can easily be quite sensitive.
They will also be particularly hard to sanitize, so whatever process we
use to sanitize them will need a thorough review on or-dev.
> And we should remember that this is more than just the logs for www.tpo,
we have check, svn, gitweb, metrics, bridges, and trac websites to
analyze.
[https://check.torproject.org/ check.tpo] currently states: "This server
does not log ''any'' information about visitors." This published policy
for check.tpo should not be changed lightly, if at all.
Logs from gitweb.tpo and svn.tpo may disclose that someone is researching
a security bug in a particular piece of code; if sanitized logs from those
domains are published at all, they should be delayed by at least 24 hours.
As I understand it, the logs currently collected by BridgeDB/bridges.tpo
are quite dangerous. We should also look into reducing the amount of
sensitive information which that server stores.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2489#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list