topic Is it possible to use IP white listing to restrict user access to Splunk Cloud from only within a corporate network? in Splunk Search

Is it possible to use IP white listing to restrict user access to Splunk Cloud from only within a corporate network?

mohlatif — Mon, 26 Aug 2019 15:21:11 GMT

I would prefer that the search heads not be visible to everyone on the internet. Is it possible to restrict the ability to log in to only people within a certain IP range of a corporate network?

Re: Is it possible to use IP white listing to restrict user access to Splunk Cloud from only within a corporate network?

DavidHourani — Mon, 26 Aug 2019 16:30:34 GMT

Hi @mohlatif,

This can be done easily by implementing the right firewall rules.

Contact your Splunk cloud support to ask for that config.

Cheers,
David

Re: Is it possible to use IP white listing to restrict user access to Splunk Cloud from only within a corporate network?

saravanan90 — Mon, 19 Oct 2020 14:37:14 GMT

Please check the "acceptFrom" parameter from web.conf

acceptFrom = <network_acl> ...

* Lists a set of networks or addresses from which to accept connections.
* Separate multiple rules with commas or spaces.
* Each rule can be in one of the following formats:
    1. A single IPv4 or IPv6 address (examples: "10.1.2.3", "fe80::4a3")
    2. A Classless Inter-Domain Routing (CIDR) block of addresses
       (examples: "10/8", "192.168.1/24", "fe80:1234/32")
    3. A DNS name, possibly with a "*" used as a wildcard
       (examples: "myhost.example.com", "*.splunk.com")
    4. "*", which matches anything
* You can also prefix an entry with '!' to cause the rule to reject the
  connection. The input applies rules in order, and uses the first one that
  matches.
  For example, "!10.1/16, *" allows connections from everywhere except
  the 10.1.*.* network.
* Default: "*" (accept from anywhere)