diff --git a/proxy/config.php b/proxy/config.php
index 73f081a..8b09083 100644
--- a/proxy/config.php
+++ b/proxy/config.php
@@ -35,8 +35,10 @@ $target_mail_view = $target_civicrm . '/civicrm/mailing/view';
 // Set to NULL/FALSE to disable the feature
 $mail_subscription_user_key = NULL;
 
-// CAREFUL: only enable temporarily on debug systems. Will log all queries to given PUBLIC file
-$debug                      = NULL; //'debug.log';
+// CAREFUL: only enable temporarily on debug systems.
+//  Will log all queries to given PUBLIC file
+//  Also: use some random name (not this one!)
+$debug                      = NULL; //'LUXFbiaoz4dVWuAHEcuBAe7YQ4YP96rN4MCDmKj89p.log';
 
 // Local network interface or IP to be used for the relayed query
 // This is usefull in some VPN configurations (see CURLOPT_INTERFACE)
diff --git a/proxy/proxy.php b/proxy/proxy.php
index 684fad5..c04585f 100644
--- a/proxy/proxy.php
+++ b/proxy/proxy.php
@@ -135,7 +135,18 @@ function civiproxy_security_check($target, $quit=TRUE) {
   global $debug;
   if (!empty($debug)) {
     $file = fopen($debug, 'a');
-    fwrite($file, "REQUEST FROM " . $_SERVER['REMOTE_ADDR'] . " ON " . date('Y-m-d H:i:s') . ' -- ' . print_r($_REQUEST,1));
+
+    // filter log data
+    $log_data = $_REQUEST;
+    if (isset($log_data['api_key'])) {
+      $log_data['api_key'] = substr($log_data['api_key'], 0, 4) . '...';
+    }
+    if (isset($log_data['key'])) {
+      $log_data['key'] = substr($log_data['key'], 0, 4) . '...';
+    }
+
+    // write log record
+    fwrite($file, "REQUEST FROM " . $_SERVER['REMOTE_ADDR'] . " ON " . date('Y-m-d H:i:s') . ' -- ' . print_r($log_data ,1));
     fclose($file);
   }