From 47fad2007b263e1cfe7f6a4023c7288677de2daf Mon Sep 17 00:00:00 2001 From: Slatian Date: Sun, 9 Feb 2025 16:37:10 +0100 Subject: [PATCH] Add privacy recommendation for reverse proxies --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index b927f78..0ac9de0 100644 --- a/README.md +++ b/README.md @@ -98,6 +98,10 @@ Most noably you can disable reverse dns lookups, hide domains with given suffixe `echoip-slatecave` only exposes an unencrypted http interface to keep the service itself simple. For a public service you should use a reverse proxy like Caddy, apache2 or nginx and configure the `ip_header` option, see the echoip_config.toml file. Usually the preconfigured `RightmostXForwardedFor` is the correct one, but please doublecheck it matches your servers configuration, it should fail by simply not working, but no guarantees given. +Consider hiding the values of the following in your server logs for increased privacy: +* The `query` URL query paramter +* All paths subpath to `/ip/` and `/dig/` + ### Denail of Service `echoip-slatecave` has some simle ratelimiting built in (see the `[ratelimit]` section in the configuration file) this should help you with too frequest automated requests causung high load.
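Review bot: In the added README lines, "paramter" in "The `query` URL query paramter" should be "parameter", and "All paths subpath to `/ip/` and `/dig/`" would read more clearly as "All paths below `/ip/` and `/dig/`". The recommendation also stops at "Consider hiding the values" without saying what those values contain or how to hide them. A sentence explaining why they are privacy-relevant, plus a pointer to the log format or log filter settings of the proxies named in the paragraph above (Caddy, apache2, nginx), would make it something an operator can act on. Since it sits directly under the `ip_header` paragraph, it may also deserve its own short subheading so it is not read as part of the header configuration.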