mod_removeip - remove information about the remote IP
This module throws away the information on the remote IP and
hostname right at the beginning of handling the request. That means
its not logged, is not available to any web apps, and can't leak
into error logs and the like.
This is written for use on servers with a strict policy on
protecting the identity of their users. If the Spooks come and
demand that you hand over your server so they can try to identify
one of your users, this should be enough that you can categorically
state that there is no IP info to be found, and might mean your
server doesn't go offline.
There is currently no facility for enabling the module on a per site
or per directory basis. It's an all or nothing thing. This is
because the intent is to make sure IP info is not on the server at
all. If people want more configurability, I might release an
I've included some configuration files as they'd appear on a typical
debian apache installation. They may be instructive for other
distributions. There's talk of getting a .deb file put together shortly.
Compile and Install for apache 1.3
Compile and Install for 2.0:
# Enable module. Nothing happens without this directive.
Andrew McNaughton <firstname.lastname@example.org>
Based on code from mod_rpaf by Thomas Eibner <email@example.com>