Skip to content
Snippets Groups Projects
Select Git revision
  • 2.x default
  • 8.x-1.x
  • 7.x-1.x
  • 2.2.2
  • 2.2.1
  • 2.2.0
  • 2.1.0
  • 2.0.0
  • 8.x-1.13
  • 8.x-1.12
  • 8.x-1.11
  • 8.x-1.10
  • 8.x-1.9
  • 7.x-1.9
  • 8.x-1.8
  • 8.x-1.7
  • 7.x-1.8
  • 7.x-1.7
  • 8.x-1.6
  • 8.x-1.5
  • 8.x-1.4
  • 7.x-1.6
  • 8.x-1.3
23 results
Compare
mark burdett's avatar
Issue #3279170 by mfb, zebda: No client interface set. in...
mark burdett authored 
Issue #3279170 by mfb, zebda: No client interface set. in Drupal\redis\ClientFactory::getClientInterface()
bcfa5a72
History
mark burdett's avatar bcfa5a72
History
Name Last commit Last update
src
tests
README.txt
cryptolog.info.yml
cryptolog.install
cryptolog.module
cryptolog.post_update.php
cryptolog.services.yml
README.txt
CRYPTOLOG
---------

Cryptolog enhances user privacy by logging ephemeral identifiers in IPv6
notation instead of client IP addresses in Drupal's database tables and syslog.

Cryptolog replaces \Drupal::request()->getClientIp() with a keyed hash of the
client IP address using a salt that is stored in memory and regenerated each
day.

Because Cryptolog uses the same unique identifier per IP address for a 24-hour
period, site administrators can do statistical analysis of logs such as counting
unique IP addresses per day. In addition, Drupal's flood control mechanism can
function normally.

Note: As long as the salt can still be retrieved, brute force can be used to
generate a rainbow table and reverse engineer the client IP addresses. However,
once the salt has expired and a new salt regenerated, or the web server has been
shutdown or restarted, it should not be feasible to determine client IP
addresses.

INSTALLATION
------------

To avoid storing the salt on disk, you can install the Memcache Drupal module,
the Memcache Storage Drupal module, the Redis Drupal module or the APCu PHP
extension to provide a memory-backed cache. If you do not, Cryptolog will
fallback to storing the salt in your database.

Cryptolog requires that PHP was compiled with IPv6 support enabled.

Cryptolog will use the Sodium PHP extension, if available, to generate keyed
hashes, otherwise falling back to the Hash PHP extension.

REVERSE PROXY AND FORWARDED HEADER SUPPORT
------------------------------------------

Cryptolog module could have side effects for sites that use a reverse proxy and
rely on trusted HTTP headers to determine the request scheme and/or HTTP host.
Because the client IP address no longer matches a trusted reverse proxy, the
HttpFoundation component will stop dynamically extracting request info from the
headers. Cryptolog attempts to detect if the scheme or HTTP host changes after
it initializes, and restores the original values to the environment in a way
that should typically fix things. Check the site Status Report page for more
information.

BUG REPORTS, FEATURE AND SUPPORT REQUESTS
-----------------------------------------

See https://www.drupal.org/project/cryptolog

CREDITS
-------

This module was inspired by the Cryptolog log filter script:
https://github.com/EFForg/cryptolog