Hi guys,
I have been doing an audit of allowable ranges that are allowed to connect to our Splunk Web GUI on the Network Layer.
However, I'm curious to see if we can lockdown the Web GUI via a config (as Splunk runs on its own Web Server) to allow only certain ranges to connect to it via TCP 8000. If there is no way to do it on the Web Application Layer then I will resort to doing it on the OS Layer via something like IPTables.
Any help you can provide on this topic would be great.
Thanks.
Brian
In short, use iptables. Splunk doesn't provide any native functionality in this area. And, even if it did, there would have to be some awfully neat features (IP ranges by login account?) to make me prefer it over native OS functionality. The OS does packet filtering really, really well...
In short, use iptables. Splunk doesn't provide any native functionality in this area. And, even if it did, there would have to be some awfully neat features (IP ranges by login account?) to make me prefer it over native OS functionality. The OS does packet filtering really, really well...
Thanks for the input guys!!!
If iptables aren't a valid solution, you can put Apache in front of Splunk and have it lock down based on IP..