****************************************************
anonymiseip: A web service to anonymise IP addresses
****************************************************
Copyright (c) 2011, Canonical Ltd
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
anonymiseip anonymises IPv4 addresses using the MaxMind GeoIP database. Source
addresses are mapped to country level, then assigned a different address from
within that pool. To avoid known address back-mapping, the source address is
hashed, and the hash taken mod pool-size to pick the new address. As IPv4
address space is very small, this is still vulnerable to brute forcing - its
feasible to generate every single mapping, and if a single mapping is found it
would be possible to cater for salted hashes as well. As such, this is not
suitable for protecting against malicious attacks, it is however suitable to
use when ensuring employees do not have casual access to the IP address from
weblogs, which count as personally identifying information, while still
giving employees access to the same logs so they can look at usage patterns
and troubleshoot slow requests etc.
To anonymise an IPv4 address, perform a GET to /ipv4/x.y.z.a, the response
will be a 200 OK + the new ip address, or a 5xx error.
Dependencies
============
* Python 2.6+
* Maxmind GeoIP Python library and a country level database.
Installation
============
Run python -m anonymiseip.main in an environment with all the dependencies
available. Alternatively run ./bootstrap.py to create bin/buildout, then
bin/buildout to create a bin/py and finally bin/py -m gpverify.main.
Note that the GeoIP Python library and database may have to be installed by
hand. On Ubuntu systems they are available in the python-geoip and
geoip-database packages respectively. Anonymiseip looks for the database in
'/usr/share/GeoIP/GeoIP.dat'.
Testing
=======
anonymiseip is stateless and fast, so just use it directly for testing.
Pass --host 0.0.0.0 --port 0 will cause a port to be dynamically allocated and
printed out, which your test driver can then use.
