search close

IP Anonymization

access_time Updated Jan 11, 2022

What is IP Anonymization?

IP Anonymization is a site-level customization that changes the way Signal Sciences stores and uses remote client IP addresses. By default IPs are not anonymized. When a customer chooses to enable IP Anonymization, agents for a specific site will anonymize an IP before sending it to the cloud. Signal Sciences will convert IPs into the anonymized IPv6 by performing a one-way hash. As a result, Signal Sciences databases will not have knowledge of the actual IP and it will appear anonymized throughout the console.

Actual IPs are converted to anonymous IPv6 using rfc7343.

The IP is anonymized in all headers and data fields with the anonymized IPv6. In addition, the actual IP is truncated by setting the last octet of an IPv4 IP address and the last 80 bits of an IPv6 address to zeros and stored as metadata on the record.

Note: The following features will not work when IP Anonymization is enabled:

  • DNS lookups
  • CIDR support in the search console
  • Network Data Insights (partial functionality)

How do I enable IP Anonymization?

IP Anonymization can be enabled by navigating to Site Manage > Site Settings. IP Anonymization will be listed as disabled by default. To enable it, select the Active radio button. You will have to acknowledge and consent that some functionality will not work with IP Anonymization enabled, as explained in the note above.