Anonymize client IP for logging

Strip the last octet or compute a hash of client IP address for anonymization.

VCL

Use this solution in your VCL service (click RUN below to test this solution or clone it to make changes):

Compute@Edge

Use this solution in your Compute@Edge service:

  1. Rust
const KEEP_IPV4_BYTES: usize = 3;
const KEEP_IPV6_BYTES: usize = 6;
if let Some(ip) = req.get_client_ip_addr() {
let anon = anonymize(&ip);
log::info!("IP {} anonymized to {}", ip, anon);
} else {
log::info!("could not find client ip");
}
fn anonymize(ip: &IpAddr) -> IpAddr {
match ip {
IpAddr::V4(ip) => {
let mut o = ip.octets();
o[KEEP_IPV4_BYTES..].copy_from_slice(&[0; 4 - KEEP_IPV4_BYTES]);
IpAddr::V4(o.into())
}
IpAddr::V6(ip) => {
let mut o = ip.octets();
o[KEEP_IPV6_BYTES..].copy_from_slice(&[0; 16 - KEEP_IPV6_BYTES]);
IpAddr::V6(o.into())
}
}
}