https://community.splunk.com/t5/Security/why-doesn-t-splunk-work-with-my-reverse-proxy/m-p/46770#M1526 <P>The reason that Splunk doesn't work with your reverse proxy is that there is a bug where using a reverse proxy w/ SSL enabled will result in redirects to login page, not a successful login(SPL-58866). This is something that has recently been discovered and there is not a fix available at the time. The issue dates back to at least 4.3.4. </P> Wed, 28 Nov 2012 00:03:01 GMT jbsplunk 2012-11-28T00:03:01Z https://community.splunk.com/t5/Security/why-doesn-t-splunk-work-with-my-reverse-proxy/m-p/46769#M1525 <P>my current ~/system/local/web.conf is configured as </P> <PRE><CODE>[settings] httpport = 8080 mgmtHostPort = 127.0.0.1:28502 root_endpoint = / enableSplunkWebSSL = true </CODE></PRE> <P>And my apache httpd.conf </P> <PRE><CODE> &lt;"Location/splunksup"&gt; Order allow,deny Allow from all &lt;"/Location"&gt; ProxyPass / <A href="https://192.168.1.1:8080/" target="test_blank">https://192.168.1.1:8080/</A> ProxyPassReverse / https:/192.168.1.1:8080/ </CODE></PRE> Wed, 28 Nov 2012 00:00:59 GMT https://community.splunk.com/t5/Security/why-doesn-t-splunk-work-with-my-reverse-proxy/m-p/46769#M1525 Chubbybunny 2012-11-28T00:00:59Z https://community.splunk.com/t5/Security/why-doesn-t-splunk-work-with-my-reverse-proxy/m-p/46770#M1526 <P>The reason that Splunk doesn't work with your reverse proxy is that there is a bug where using a reverse proxy w/ SSL enabled will result in redirects to login page, not a successful login(SPL-58866). This is something that has recently been discovered and there is not a fix available at the time. The issue dates back to at least 4.3.4. </P> Wed, 28 Nov 2012 00:03:01 GMT https://community.splunk.com/t5/Security/why-doesn-t-splunk-work-with-my-reverse-proxy/m-p/46770#M1526 jbsplunk 2012-11-28T00:03:01Z https://community.splunk.com/t5/Security/why-doesn-t-splunk-work-with-my-reverse-proxy/m-p/46771#M1527 <P>thanks JB!!!</P> Wed, 28 Nov 2012 00:04:38 GMT https://community.splunk.com/t5/Security/why-doesn-t-splunk-work-with-my-reverse-proxy/m-p/46771#M1527 Chubbybunny 2012-11-28T00:04:38Z https://community.splunk.com/t5/Security/why-doesn-t-splunk-work-with-my-reverse-proxy/m-p/46772#M1528 <P>Sorry to be a party-pooper...</P> <P>This is your scenario;</P> <P>User Brower &lt;--Non SSL--&gt; Reverse Proxy Server &lt;--- SSL ---&gt; Splunk</P> <OL> <LI>In httpd.conf, you need "sslproxyengine on" for this scenario</LI> <LI>In web.conf for 4.3.x, we introduced new attributes for web.conf. One of them will make Splunkweb more secure. But, in your scenario, this needs to disabled it.</LI> </OL> <PRE> - web.conf [settings] httpport = 8080 mgmtHostPort = 127.0.0.1:28502 root_endpoint = / enableSplunkWebSSL = true # This attribute is required for a browser's insecure session tools.sessions.secure = False </PRE> <P>For more information, please visit a spec file;<BR /> <PRE><BR /> - web.conf.spec<BR /> tools.sessions.secure = [True | False]<BR /> * If set to True and Splunkweb is configured to server requests using HTTPS<BR /> (see the enableSplunkWebSSL setting) then the browser will only transmit <BR /> the session cookie over HTTPS connections, increasing session security<BR /> * Defaults to True<BR /> </PRE></P> Wed, 28 Nov 2012 00:55:06 GMT https://community.splunk.com/t5/Security/why-doesn-t-splunk-work-with-my-reverse-proxy/m-p/46772#M1528 Masa 2012-11-28T00:55:06Z