Questions[privacy](server)

I have an apache/nginx/whatever web server which logs client IP addresses to the access logs. Now these log files are rotated via logrotate.

I want to keep the IP addresses for some days, then after 7 days, I want to remove the IPs from the log files for privacy reasons (mostly dictated by German law).

Using mod_removeip or something like that doesn't work because I need to filter some requests based on their IP addresses.

Is there any 'standard' way to do it? Maybe even with logrotate?

EDIT

I just found this script but it depends on the ability to pipe all logging through the script in real-time. I'm not really sure about the performance implication of this approach.

Also, this only works for the 'front-end' server logs, not the application server logs.

My business is... troublesome.

What I do is legal in every country on earth, but some people don't like it, and make it so tough on my poor ISPs that I am forced to go looking for new providers more often than I would like.

The only option I know of for somebody in my position is called "bulletproof hosting" (think wikileaks) and it isn't cheap.

The only thing that makes bulletproof hosting expensive, or anything different than typical hosting, is their legal stance when responding to "abuse" complaints via email. Your typical host will get fed-up after 5 or 10 no matter what the reason, and a bulletproof host will take the time to look through the legality of the matter and make a decision based on that.

As far as I know, these abuse emails are directly tied to the ip address on which their server sits, because they "own" that ip address and have the ability to lease it out to me on my expensive bulletproof server.

If I could answer them personally, I would save another company the trouble and hopefully save myself some money along the way.

How can I become the bulletproof host? Just rent out a room in my local DC and ask where to get the IPs from?

P.S. No... just because I know this will be the first question everyone asks - I am not some spammer or rule 34 pornographer, what I do is legal in every country. I said "think wikileaks"!

EDIT: Thank you once again for all of the amazing responses. Don't know why I've been lighting fires here recently. Thanks to everyone who saw through the smoke and provided me with meaningful answers.

Many times you don't want to be identified while surfing. For one thing your browsing history might be sold without your knowledge, and with no benefit to you.

I'm curious. I keep reading about how our ISPs and internet middle men record and keep track of all DNS requests basically leaving a trail of breadcrumbs in many logs, and also allowing DNS hijacking for advertising purposes(I'm looking at you Cox Communications!).

Regardless of other methods for privacy/security, I'd specifically like to know if it's possible to run a DNS server on your own local network, _that actually has the zone information of the root DNS servers(for .com,.net,.org) domains.

I know you can setup DNS that basically just maps machines in your domain, but is it possible to basically request a copy/transfer of the root DNS information to be stored on your own DNS server so you can bypass going out to the internet for DNS information at all for web browsing?

I hope I'm being clear. I do not want to my DNS server to only have information about my internal network -- I want it to have duplicate information that the big internet DNS servers have, but I'd like that information locally on my DNS server.

Is there something like BGP Zone transfers but for DNS?

Update: Are there any products/OSS software that could basically "scrape" this information from the external DNS chain into the local cache in large quantities so they're ready when you need them, versus caching them when you explicitly request the domain records?

Like for instance login into my bank account or knowing what information do I submit via HTTPs?

I'm not sure what proxy server do we have.