ipscrub_period_seconds
The `ipscrub_period_seconds` directive specifies the time interval in seconds for regenerating the salt used in the IP address anonymization process.
Description
The ipscrub_period_seconds directive configures the interval at which the salt used for hashing IP addresses is updated in the NGINX server. This interval is crucial for maintaining the anonymity of users by changing how their IP addresses are masked over time. The directive accepts a single argument, which denotes the number of seconds for the period. The default period is set to 600 seconds (or 10 minutes), meaning that every 10 minutes, a new salt will be generated, ensuring that the hashed IP address representation changes, further enhancing user privacy.
When this directive is set, every request processed by the NGINX server uses the current salt defined by the ipscrub_period_seconds. After the specified period elapses, a new salt is generated, leading to the possibility that repeated requests from the same user may be logged with different masked IP addresses post-period transition. This design prevents any adversarial attempts to track users' IP addresses over time while allowing for continuity of user identification within the same period. This is particularly useful in contexts requiring compliance with data protection regulations, such as GDPR, by minimizing the retention of identifiable information.
Config Example
http {
ipscrub_period_seconds 300;
log_format my_custom_format '$remote_addr_ipscrub';
}Setting this value too low may result in frequent changes of hashed IPs, reducing the ability to link requests from the same user.
Setting this value too high may risk exposing users' IP addresses over an extended period if the salt is compromised.