Solved: Locking down Web GUI by IP Ranges

balbano · ‎01-31-2012

Hi guys,

I have been doing an audit of allowable ranges that are allowed to connect to our Splunk Web GUI on the Network Layer.

However, I'm curious to see if we can lockdown the Web GUI via a config (as Splunk runs on its own Web Server) to allow only certain ranges to connect to it via TCP 8000. If there is no way to do it on the Web Application Layer then I will resort to doing it on the OS Layer via something like IPTables.

Any help you can provide on this topic would be great.

Thanks.

Brian

dwaddle · ‎01-31-2012

In short, use iptables. Splunk doesn't provide any native functionality in this area. And, even if it did, there would have to be some awfully neat features (IP ranges by login account?) to make me prefer it over native OS functionality. The OS does packet filtering really, really well...

View solution in original post

dwaddle · ‎01-31-2012

In short, use iptables. Splunk doesn't provide any native functionality in this area. And, even if it did, there would have to be some awfully neat features (IP ranges by login account?) to make me prefer it over native OS functionality. The OS does packet filtering really, really well...

balbano · ‎02-01-2012

Thanks for the input guys!!!

Brian_Osburn · ‎01-31-2012

If iptables aren't a valid solution, you can put Apache in front of Splunk and have it lock down based on IP..

Locking down Web GUI by IP Ranges

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability

Introducing the Splunk Community Dashboard Challenge!