Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Search API HTML Element Filter 1.0.7 Minor update available for module search_api_html_element_filter (1.0.7). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). UI Patterns (SDC in Drupal UI) 2.0.18 Minor update available for module ui_patterns (2.0.18). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

Cryptolog

78 sites Security covered
View on drupal.org

Cryptolog enhances user privacy by logging a daily rotating, hashed version of client IP addresses instead of their actual values. This allows for basic statistical analysis while helping to comply with privacy regulations like GDPR. The module ensures that Drupal's built-in security features, such as flood control, continue to function correctly.

Cryptolog enhances user privacy (and compliance with data protection and consumer privacy regulations such as GDPR, CCPA/CPRA, etc.) by logging ephemeral identifiers in place of client IP addresses in Drupal logs and database tables.

When Cryptolog is enabled, \Drupal::request()->getClientIp() and Drupal 7's ip_address() output a 128-bit keyed hash of the client IP address (in IPv6 notation), using a salt that is stored in the cache and regenerated each day.

Because Cryptolog uses the same unique identifier per IP address for a 24-hour period, it is still possible to do some statistical analysis of the logs such as counting unique visitors per day. In addition, unlike other solutions of setting $_SERVER['REMOTE_ADDR'] to either one static IP address or a completely random IP address, Drupal's flood control mechanisms still function as normal.

Note: As long as the salt can still be retrieved, brute force can be used to generate a rainbow table and reverse engineer client IPv4 addresses. However, once the salt has expired and a new salt regenerated, or the salt was stored only in memory and the web server has been shutdown or restarted, it should not be feasible to determine client IP addresses, aside from using forensic methods on unencrypted swap space, etc.

Requirements:

Cryptolog has no special requirements, although APCu PHP extension, Memcache module and/or Redis module are recommended to serve as an in-memory cache. If available, Sodium PHP extension will be used to generate BLAKE2b keyed hashes, otherwise falling back to HMAC-MD5 keyed hashes.

Drupal 7 requirements:

One of the following: APCu PHP extension or Memcache module is required as an in-memory key/value store for the salt. The backend store will be chosen automatically based on which backends are present, with a preference for Memcache which can be shared between servers. Please note that after enabling the module, you must also add it to your site's settings.php file! See README.txt for instructions. Likewise to disable the module you must remove it from your site's settings.php file. If available, Sodium PHP extension will be used to generate BLAKE2b keyed hashes, otherwise falling back to HMAC-MD5 keyed hashes.

Similar modules:

IP Anonymize logs IP addresses as per normal, and then retroactively scrubs them according to a configurable IP address retention period.

Credits:

This module was inspired by the Cryptolog Python log filter script and developed by mfb. You can support development by contributing or sponsoring.

Activity

Total releases
1
First release
Aug 2025
Latest release
10 months ago
Releases (12 mo)
1 ▲ from 0
Maintenance
Slowing

Releases

Version Type Release date
2.2.3 Stable Aug 18, 2025