[privacy] Disable IP address storage

Currently any IP address is stored in plain(!) for any login an user does. This is not optimal for privacy.

I did not found any way to disable it. I would like to have an option to disable it.

For the meanwhile, is there a workaround to achive this?

A workaround would be to put a reverse proxy in front of the Kanboard instance, and configure it to NOT do any of the X-Real-IP/X-Forwarded-For/etc dance.

Need to test this but it may work, instead of putting a reverse proxy and unset the headers, try to set the headers with fake ip addresses:

RequestHeader set X-Forwarded-For 127.0.0.1
RequestHeader unset X-Real-Ip

This can be placed inside a <directory> for your kanboard installation, or inside a <virtualHost> or even to the whole server.

Just tested adding those lines on my kanboard virtual host and it works.
This is the order that kanboard checks for ips:

So let’s just set the X-Real-IP and it will log only this one no matter what other headers the request has:

RequestHeader set X-Real-Ip 127.0.0.1

Since the X-Real-Ip is the first header checked, we don’t have to unset any other header.