The General Data Protection Regulation (GDPR) requires Personally Identifiable Information (PII) to be protected, or not to be processed or stored at all. An IP address counts as PII and therefore requires special treatment.
By default, a Ruby on Rails application writes the IP address of each visitor to a log file. One of the cleanest ways to protect visitors is to log an anonymized address instead of the actual one.
A custom `Rails::Rack::Logger` class inherits from `ActiveSupport::LogSubscriber` and implements a custom method to produce logs without full IP addresses.
config/initializers/rack_logger.rb
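```ruby
require 'ipaddr'

module Rails
  module Rack
    class Logger < ActiveSupport::LogSubscriber
      # Overrides the request line so that only the masked address is logged.
      def started_request_message(request)
        'Started %s "%s" for %s at %s' % [
          request.request_method,
          request.filtered_path,
          anonymized_ip(request),
          Time.now.to_default_s ]
      end

      # Zeroes the host part of the address: keeps the first 24 bits of an
      # IPv4 address and the first 48 bits of an IPv6 address.
      def anonymized_ip(request)
        ip = IPAddr.new(request.ip)
        if ip.ipv4?
          ip.mask(24).to_s
        else
          ip.mask(48).to_s
        end
      end
    end
  end
end
```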
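The following is an added example, not code from the original post or from Rails. It applies the same /24 and /48 masking outside of Rails and goes slightly beyond the initializer above: it unwraps IPv4-mapped IPv6 addresses, returns a placeholder instead of raising on unparseable input, and rewrites "Started" lines that were already written with full addresses. The names `anonymize_ip`, `scrub_started_line`, `PLACEHOLDER` and the sample log lines are assumptions made for this example.

```ruby
require 'ipaddr'

# Prefix lengths match the initializer above: /24 for IPv4, /48 for IPv6.
IPV4_PREFIX = 24
IPV6_PREFIX = 48
PLACEHOLDER = 'invalid-ip' # hypothetical marker for unparseable input

# Matches the request line format produced by started_request_message.
STARTED_LINE = /\A(Started \S+ ".*" for )(\S+)( at .*)\z/

# Masks one address. Hypothetical helper, not part of Rails.
def anonymize_ip(raw)
  ip = IPAddr.new(raw.to_s.strip)
  # ::ffff:a.b.c.d wraps an IPv4 address; unwrap it so the IPv4 prefix applies.
  ip = ip.native if ip.ipv6? && ip.ipv4_mapped?
  ip.mask(ip.ipv4? ? IPV4_PREFIX : IPV6_PREFIX).to_s
rescue IPAddr::Error
  # Never echo the raw value back and never raise inside the logging path.
  PLACEHOLDER
end

# Rewrites an already-written "Started ..." line; other lines pass through.
def scrub_started_line(line)
  m = STARTED_LINE.match(line.chomp)
  return line unless m
  "#{m[1]}#{anonymize_ip(m[2])}#{m[3]}"
end

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = [
  'Started GET "/users/7" for 203.0.113.57 at 2024-01-01 10:00:00 +0000',
  'Started POST "/login" for 2001:db8:abcd:12:1234:5678:9abc:def0 at 2024-01-01 10:00:01 +0000',
  'Started GET "/" for ::ffff:198.51.100.23 at 2024-01-01 10:00:02 +0000',
  'Started GET "/" for not-an-ip at 2024-01-01 10:00:03 +0000',
  'Processing by UsersController#show as HTML'
].freeze

puts SAMPLE_LOG.map { |line| scrub_started_line(line) } if __FILE__ == $PROGRAM_NAME
```

Without the unwrap step, an IPv4-mapped address would be treated as IPv6 and masked to `::`, which hides the client but also discards the network part that the /24 rule is meant to keep.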