Anonymizing IPs Using HAProxy
At work, I had to come up with an easy way to anonymize the last octet of a logged IP address in order to comply with German data protection laws. If you’re using HAProxy (1.5+), you can do this in one line.
If you want to forward the source IP address to a backend server, you would usually use option forwardfor
. Sadly you can’t set or change the forwarded IP using that option, so instead you have to set the X-Forwarded-For
header manually.
http-request set-header X-Forwarded-For %[src,ipmask(24)]
This will set the last octet of the source IP address to zero.
The HAProxy documentation has more information on the various things I used in this post: