Comments on: Splunk Free: .htaccess Protection using Apache

By: andrew

andrew — Fri, 02 Oct 2009 11:40:50 +0000

@Josh: SPLUNK_BINDIP will affect splunkd (the splunk daemon) and not splunkweb (the python web interface, what you really want to proxy).
which is a good thing and what you probably want to do anyway, but not quite the same thing.
to make splunkweb bind to localhost only, you have to edit etc/system/local/web.conf

# Host values may be any IPv4 or IPv6 address, or any valid hostname.
# The string ‘localhost’ is a synonym for ‘127.0.0.1′ (or ‘::1′, if
# your hosts file prefers IPv6). The string ‘0.0.0.0′ is a special
# IPv4 entry meaning “any active interface” (INADDR_ANY), and ‘::’
# is the similar IN6ADDR_ANY for IPv6. The empty string or None are
# not allowed.
#server.socket_host = 0.0.0.0
server.socket_host = 127.0.0.1

as a side note, you can also define SPLUNK_BINDIP in etc/splunk-launch.conf.

@Luke, @Drew:

you cannot reverse-proxy splunk to something different than root (as in “/something/”), because the HTML code makes lots of reference to “/” (e.g. /script.js”).
You can put all your Proxy directives inside a (Name)VirtualHost block, though. Works like a charm.

Hope that helps,

-a

By: laneolson.ca | Splunk with SSL and Password Protection Using Apache

laneolson.ca | Splunk with SSL and Password Protection Using Apache — Wed, 08 Jul 2009 19:31:48 +0000

[...] htaccess Authentication [...]

By: Drew

Drew — Sat, 09 May 2009 22:42:32 +0000

Smashing! Thank you for this solution … clearly written and understandable.
…
So finding your solution was ideal. Worked “out of the box” first time.

Dean,

Thanks! Glad it helped you out. It’s always nice hearing awesome results from my experiences. Makes me feel like I actually did something productive!

Have a great day.
Drew

By: Dean

Dean — Mon, 27 Apr 2009 08:26:15 +0000

Smashing! Thank you for this solution … clearly written and understandable.

I just installed Splunk today – the first thing I did was try to find a password or authentication option. Eeek – none!

So finding your solution was ideal. Worked “out of the box” first time.

Thanks!

By: Drew

Drew — Sat, 21 Mar 2009 17:35:16 +0000

Richard,

Thanks for the kind words! Anytime I get great comments, it makes me feel that my time here writing from my experiences are well worth the effort.

Regards,
Drew

By: Richard

Richard — Tue, 17 Mar 2009 13:39:17 +0000

Fantastic. Adding BIND before starting up, then adding the info as described to httpd.conf made it all work first time.

By: Josh

Josh — Tue, 06 Jan 2009 23:57:20 +0000

You can tell splunk to bind only to localhost by setting SPLUNK_BINDIP=127.0.0.1 before starting it.

By: Drew

Drew — Wed, 03 Dec 2008 04:25:10 +0000

I got it running. I made Splunk to listen locally on 127.0.0.1. Now, nobody can go directly to port 8000 using the hostname. They will get a failed to connect.

RAM,

Great to hear. I apologize for not getting back to you fast enough. Things have been quite crazy, so I am glad you figured out the issue. Hope my article was easy enough to understand.

Regards,
Drew D.

By: RAM

RAM — Fri, 21 Nov 2008 00:32:23 +0000

Drew,

I got it running. I made Splunk to listen locally on 127.0.0.1. Now, nobody can go directly to port 8000 using the hostname. They will get a failed to connect.

Thanks! =)

By: RAM

RAM — Thu, 20 Nov 2008 16:52:24 +0000

Drew,

Thanks for the step-by-step instruction! Worked out really good for me.

Quick question. How come when i go directly to the url (http://:8000) it doees not prompt for a login?

Thanks!!