I’ve been having some issues collecting the real IP address for error events sent to sentry using the python sentry_sdk package with the Django integration.
According to https://github.com/getsentry/sentry-python/blob/733662d417a7c272764baeeb41b947e5eccc1ad5/sentry_sdk/integrations/wsgi.py#L132-L149 the function will check 3 headers for the IP address.
But then https://github.com/getsentry/sentry-python/blob/733662d417a7c272764baeeb41b947e5eccc1ad5/sentry_sdk/integrations/wsgi.py#L235 suggests it’s not actually used unless the PII setting is set to True.
So my follow up question is what IP address is stored under the “Affected Users” section of an event? See the screenshot:
My goal is:
-
Collect the IP address for each unique visitor (so that we can count distinct affected users, the IP is only a proxy for that metric).
-
Not collect sensitive data like cookies and auth headers. In this case, I don’t consider IP address as sensitive.
Personally, it’d be helpful if there were a list of PII attributes you could specifically opt in or out from, rather than a big PII umbrella that’s all or nothing.