I would prefer that the search heads not be visible to everyone on the internet. Is it possible to restrict the ability to log in to only people within a certain IP range of a corporate network?
Hi @mohlatif,
This can be done easily by implementing the right firewall rules.
Contact your Splunk cloud support to ask for that config.
Cheers,
David
Please check the "acceptFrom" parameter from web.conf
acceptFrom = <network_acl> ... * Lists a set of networks or addresses from which to accept connections. * Separate multiple rules with commas or spaces. * Each rule can be in one of the following formats: 1. A single IPv4 or IPv6 address (examples: "10.1.2.3", "fe80::4a3") 2. A Classless Inter-Domain Routing (CIDR) block of addresses (examples: "10/8", "192.168.1/24", "fe80:1234/32") 3. A DNS name, possibly with a "*" used as a wildcard (examples: "myhost.example.com", "*.splunk.com") 4. "*", which matches anything * You can also prefix an entry with '!' to cause the rule to reject the connection. The input applies rules in order, and uses the first one that matches. For example, "!10.1/16, *" allows connections from everywhere except the 10.1.*.* network. * Default: "*" (accept from anywhere)
Hi @mohlatif,
This can be done easily by implementing the right firewall rules.
Contact your Splunk cloud support to ask for that config.
Cheers,
David