Re: Privacy and HTTP intermediaries

On 03.05.2011 07:18, Willy Tarreau wrote:
> ...
> Many intermediaries will still log regardless of whatever new directive
> you add, and there are a lot of places where logging will be mandatory
> regardless of the cache-control header (which should control caching and
> not logging).
> Also, concerning the privacy, I see no reason for not logging something
> that is exchanged in clear text. This has always been the case for decades
> with the query string in GET requests etc... ; if you want some privacy,
> you know you need SSL.
> ...

Logging is one thing, preserving logs is another thing. Reminder: in 
some countries, the IP address is considered relevant for privacy (and I 
agree), thus preserving HTTP logs containing IP information for too long 
is not allowed.

Best regards, Julian

Received on Tuesday, 3 May 2011 05:36:43 UTC