Web service for IP anonymisation.
Copyright (c) 2011, Canonical Ltd
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
anonymiseip anonymises IPv4 addresses using the MaxMind GeoIP database. Source addresses are mapped to country level, then assigned a different address from within that pool. To avoid known address back-mapping, the source address is hashed, and the hash taken mod pool-size to pick the new address. As IPv4 address space is very small, this is still vulnerable to brute forcing - its feasible to generate every single mapping, and if a single mapping is found it would be possible to cater for salted hashes as well. As such, this is not suitable for protecting against malicious attacks, it is however suitable to use when ensuring employees do not have casual access to the IP address from weblogs, which count as personally identifying information, while still giving employees access to the same logs so they can look at usage patterns and troubleshoot slow requests etc.
To anonymise an IPv4 address, perform a GET to /ipv4/x.y.z.a, the response will be a 200 OK + the new ip address, or a 5xx error.
- Python 2.6+
- Maxmind GeoIP Python library and a country level database.
Run python -m anonymiseip.main in an environment with all the dependencies available. Alternatively run ./bootstrap.py to create bin/buildout, then bin/buildout to create a bin/py and finally bin/py -m gpverify.main.
Note that the GeoIP Python library and database may have to be installed by hand. On Ubuntu systems they are available in the python-geoip and geoip-database packages respectively. Anonymiseip looks for the database in ‘/usr/share/GeoIP/GeoIP.dat’.
anonymiseip is stateless and fast, so just use it directly for testing.
Pass –host 0.0.0.0 –port 0 will cause a port to be dynamically allocated and printed out, which your test driver can then use.