[tor-bugs] #23243 [Metrics/Metrics website]: write a spec for web-server-access log descriptors

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Sep 7 13:33:10 UTC 2017

#23243: write a spec for web-server-access log descriptors
 Reporter:  iwakeh                   |          Owner:  metrics-team
     Type:  enhancement              |         Status:  needs_review
 Priority:  Medium                   |      Milestone:
Component:  Metrics/Metrics website  |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:                           |  Actual Points:
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:

Comment (by karsten):

 Replying to [comment:19 iwakeh]:
 > Replying to [comment:17 karsten]:
 > > Replying to [comment:14 iwakeh]:
 > > > Another addition:
 > > >
 > > > Even though Tor's Apache webservers are configured to only provide
 three ip addresses (e.g. `0.0.0.{0,1,2}`) all lines with different ips are
 accepted and sanitized to ip ``.
 > > >
 > > > Or, should such lines be discarded?
 > >
 > > Right now addresses are kept as long as they start with `0.0.0.`,
 which seems plausible to me. The spec draft should also say that.
 > Agreed.  My question was a different one: what about log lines that
 contain other ips (e.g. in case Apache suddenly logs more
 Currently these would be replaced by and the sanitized lines kept.

 Ah, hmm. I think that both the current script and the specification draft
 say that we ''drop'' any lines not starting with `0.0.0.`, but if a line
 matches that, we keep the `0.0.0.x` address unchanged.

 But I wonder if we should change that to "keep any address starting with
 `0.0.0.` and replace everything else with ``". That way we could
 easily sanitize logs from web servers using different log formats that are
 compliant with Apache's Common Log Format. What do you think?

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23243#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list