https://community.splunk.com/t5/Security/splunk-behind-an-apache-proxy-login-issue/m-p/106739#M3412 <P>Ok, figured out <EM>a</EM> solution. This does appear to be a splunk weirdness, but one can get around it by adding AllowEncodedSlashes On to your vhost for :80. Will allow you to parse the doubly quoted path. I already have http redirecting to https and the rest just worked. </P> Wed, 01 May 2013 02:34:34 GMT mdubbyap 2013-05-01T02:34:34Z https://community.splunk.com/t5/Security/splunk-behind-an-apache-proxy-login-issue/m-p/106738#M3411 <P>My splunk instance is is behind an apache proxy. Everything works correctly except for login. When i log into splunk, the return_to param is being url quoted twice, but only url unquoted once it seems.<BR /><BR /> e.g. I go to my host <A href="https://host/splunk" target="_blank">https://host/splunk</A> and get redirected to the login screen with this url <A href="https://host/splunk/en-US/account/login?return_to=%252Fsplunk%252Fen-US%252F" target="_blank">https://host/splunk/en-US/account/login?return_to=%252Fsplunk%252Fen-US%252F</A><BR /> (note the return_to being quoted twice). After i authenticate i get a 404 at <A href="http://app241.auto.mobileiron.com/%2Fsplunk%2Fen-US%2F" target="_blank">http://app241.auto.mobileiron.com/%2Fsplunk%2Fen-US%2F</A> (notice not https, and the quoted path).</P> <P>Thoughts?</P> <P>My splunk and apache configs looks like this:<BR /> in apache ssl.conf:<BR /> <LOCATION><BR /> ProxyPass <A href="http://127.0.0.1:8000/splunk" target="_blank">http://127.0.0.1:8000/splunk</A><BR /> ProxyPassReverse <A href="http://127.0.0.1:8000/splunk" target="_blank">http://127.0.0.1:8000/splunk</A><BR /> </LOCATION></P> <P>in web.conf<BR /> root_endpoint = /splunk<BR /> tools.proxy.on = True</P> Mon, 28 Sep 2020 13:47:29 GMT https://community.splunk.com/t5/Security/splunk-behind-an-apache-proxy-login-issue/m-p/106738#M3411 mdubbyap 2020-09-28T13:47:29Z https://community.splunk.com/t5/Security/splunk-behind-an-apache-proxy-login-issue/m-p/106739#M3412 <P>Ok, figured out <EM>a</EM> solution. This does appear to be a splunk weirdness, but one can get around it by adding AllowEncodedSlashes On to your vhost for :80. Will allow you to parse the doubly quoted path. I already have http redirecting to https and the rest just worked. </P> Wed, 01 May 2013 02:34:34 GMT https://community.splunk.com/t5/Security/splunk-behind-an-apache-proxy-login-issue/m-p/106739#M3412 mdubbyap 2013-05-01T02:34:34Z