diff --git a/example/nginx/default.conf b/example/nginx/default.conf
index 5194d5f..1701e8f 100644
--- a/example/nginx/default.conf
+++ b/example/nginx/default.conf
@@ -1,3 +1,8 @@
+# use $sanitized_request instead of $request to hide Telegram token
+log_format token_filter '$remote_addr - $remote_user [$time_local] '
+                        '"$sanitized_request" $status $body_bytes_sent '
+                        '"$http_referer" "$http_user_agent"';
+
 upstream telegram-bot-api {
     server api:8081;
 }
@@ -14,6 +19,12 @@ server {
     client_max_body_size 2G;
     client_body_buffer_size 30M;
     keepalive_timeout 0;
+    
+    set $sanitized_request $request;
+    if ( $sanitized_request ~ (\/bot\d+):[-\w]+\/(\S+) ) {
+        set $sanitized_request $1:<hidden-token>/$2;
+    }
+    access_log /var/log/nginx/access.log token_filter;
 
     location ~* \/file\/bot\d+:(.*) {
         rewrite ^/file\/bot(.*) /$1 break;
@@ -43,4 +54,4 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Host $server_name;
     }
-}
\ No newline at end of file
+}