Philipp Klaus's Computing Blog

Success is about speed and efficiency

Modify Apache Logging to Comply to German privacy law

As I'm not a lawyer, I can't tell you if the following pieces of advice are really needed, just enough or not necessary. I will further investigate the topic and you will be able to read about my findings here.

Deactivate Apache logging

Set the following Apache2 directives in your apache config file httpd.conf or in your virtual host configuration /etc/apache2/sites-available/yoursite:

LogFormat "%h" combined
ErrorLog /dev/null
CustomLog /dev/null combined
# or
CustomLog /dev/null " " env=doesnt_exist

Disable IP logging in Apache in order to comply to German privacy law:

An extreme measure would be the following:

This removeip module for the Apache 2 webserver allows for overwriting Apache's environment variable REMOTE_ADDR with a fixed value. This is necessary to anonymize all logs written by Apache and to prevent web applications from accessing the original IP address (not just for logging but for anything).

apt-get install libapache2-mod-removeip
a2enmod removeip
/etc/init.d/apache2 restart

And set the following log format in /etc/apache2/apache2.conf:

LogFormat " - - %t \"GET %U HTTP/1.0\" %s %b \"http://\" \"%i\""

instead of the default combined LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined. Refer to for further information on the possible logging fields.