Dashboards & Visualizations

How do I disable redirection warning?

tobelesp
Engager

After we upgraded to v9.0.1 we get a warning when following dashboard-generated links pointing "outside" splunk:

Redirecting away from Splunk
You are being redirected away from Splunk to the following URL:

https://[some non-splunk web-server]
Note that tokens embedded in a URL could contain sensitive information.

It comes with a "Don't show again" option, but it indeed shows again every time.
Is there somewhere to disable this warning?

Thanks

Labels (1)
1 Solution

elizabethl_splu
Splunk Employee
Splunk Employee

Hi there, thanks for posting this question! We will be adding a feature flag, as well as UI for adding trusted domains in the next on-prem release, so that you will have more control over redirection modal. Currently, the "do not show this again" applies per user, per session, per specific URL. If the URL changes (e.g. because a token value in the URL changes) the modal will display again. The intention is so that users will have an opportunity to verify they are only passing information they intended to when clicking on a link that redirects them out of Splunk. 

View solution in original post

millarma
Path Finder

Here is the answer:
https://docs.splunk.com/Documentation/Splunk/9.2.1/Admin/Web-featuresconf#.5Bfeature:dashboards_csp....

in web-features.conf, there is a stanza called 

[feature:dashboards_csp]
where you can allow list domains like this:

dashboards_trusted_domain.<name> = <string>

aka

dashboards_trusted_domain.smartsheet = app.smartsheet.com

dorHerbesman
Explorer

Hey there @elizabethl_splu 
after reading this thread i tried this setting on my splunk 9.1.2 environment and it dosen't work.

i opened a file named  web-features.conf with the stanze 

[feature:dashboards_csp]
enable_dashboards_redirection_restriction=false



under /opt/splunk/etc/shcluster/apps/ADMIN_CONF (folder i created to disterbute conf files and updates) and still getting this warning, can you think of anything im doing wrong? thanks in advanced!

0 Karma

elizabethl_splu
Splunk Employee
Splunk Employee

Hi @dorHerbesman - I would recommend opening a case with support, they’ll be able to help you troubleshoot what’s going on!

0 Karma

apietersen
Contributor

Hi,

this worked for me, in file ...etc\system\local\web_feature.conf:

[feature:dashboards_csp]
enable_dashboards_redirection_restriction = false

0 Karma

andreasz
Path Finder

This was one of the reasons why we didn't update to version 9.
A word of caution to others: if you're still using version 8 and don't want this "nice feature", then the last functional version is 8.2.7.
After the latest update, several of my dashboards are now broken, and users have been complaining.

0 Karma

matzn
New Member

Any news on this topic?
I have not found anything within the docs how to deal with this (except for splunk cloud....).

0 Karma

dbhojani
Explorer

Hi,

Is there any way to disable it on splunkcloud?

0 Karma

elizabethl_splu
Splunk Employee
Splunk Employee

In Splunk Cloud 9.0.2303, you'll be able to use the Dashboards Trusted Domains list to suppress the redirection warning for any trusted domains. You'll also have an option to completely disable the redirection warning for dashboards, although that's not recommended since links out of Splunk could contain sensitive information embedded in token values/URL params. 

You can check out the release notes here: https://docs.splunk.com/Documentation/SplunkCloud/9.0.2303/DashStudio/WhatNewSC

romux72
Explorer

Hi, I see on Documentation that now we have 2 variables on web-features.conf to disable external content restriction.

Enable_dashboards_external_content_restriction and Enable_dashboards_redirection_restriction

romux72_0-1687852333025.png

but on this section or on web-features.conf specification page, this variables doesn't appear. We don't know which stanza use for that.

https://docs.splunk.com/Documentation/Splunk/9.0.5/Admin/Web-featuresconf#web-features.conf

I meet the same problem. We use many panel html with <style> balise to add dynamic interaction and custom layout with Dashboard XML.

 

0 Karma

elizabethl_splu
Splunk Employee
Splunk Employee

Hey @romux72 - those flags are not yet available in 9.0.x web-features.conf. They will be available in 9.1.

apietersen
Contributor

Hi  Elizabeth,

We justed upgraded to v9.1 Splunk Enterprise. Can you tell me where I can disable this "feature"

AshleyP

Tags (1)
0 Karma

elizabethl_splu
Splunk Employee
Splunk Employee

Hi @apietersen You can disable this security feature by creating a local web-features.conf file and setting Enable_dashboards_redirection_restriction to false. Here's the documentation: https://docs.splunk.com/Documentation/Splunk/9.1.0/Admin/ConfigureDashboardsTrustedDomainsList

0 Karma

apietersen
Contributor

Added/tried: in web-feature.conf file:

Enable_dashboards_redirection_restriction=false ->  stil redirecting warnings
or
Enable_dashboards_redirection_restriction=0 ->  stil redirecting warnings

. What do I miss here?. Document link was not conclusive to me, I want to be able to disable it completely

thanks

0 Karma

apietersen
Contributor

Also explicit naming of a domain(s) (even its own) doe not seem to work

[feature:dashboards_csp]
dashboards_trusted_domain.everything=*.<dom1>.nl
dashboards_trusted_domain.everything=*.<dom2>.eu
dashboards_trusted_domain.everything=*..<dom3>.storage

??

Tags (1)
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Labels should be unique

[feature:dashboards_csp]
dashboards_trusted_domain.everything=*.<dom1>.nl
dashboards_trusted_domain.everything2=*.<dom2>.eu
dashboards_trusted_domain.everything3=*..<dom3>.storage

Is that the issue?

Btw, using the curl command only sets it for the user (admin in the example) - I had to copy the file from admin to set it for all (in my environment).

romux72
Explorer

Could you write parameters without Uppercase on stanza ?

[feature:dashboards_csp]

enable_dashboards_external_content_restriction=false

enable_dashboards_redirection_restriction=false

 

After that restart Splunk.

PS : you are on Splunk version 9.1+ ?

apietersen
Contributor

Hi Romux72

  • yes we are on v9.1.0.1
  • I will try:
    [feature:dashboards_csp]
    enable_dashboards_redirection_restriction=false
  • result after restart :
    This seems to work. But will need to test it with different browsers. Sofar, Sogood 🙂 !

    Thanks Romux72
0 Karma

romux72
Explorer

Hi,

I'm not tell you, I have the problem on Splunk Cloud 2303 since upgrade of my customer Splunk Cloud platform.

This maintenance have been passed last weekend. Since Monday, Dashboartd XML with external content have this problem.

We have this message on panel

"Awaiting User Confirmation"

romux72_0-1687886979744.png

 

To complete my problem,

 

My post on Slack Splunk-Usergroups canal (Splunk Cloud)

Hello, I have a problem with Splunk Cloud 2303 and Dashboard XML,
I use HTML panel with <style> balise to customize my dashboard style, layout and dynamic interaction.When I click on a table, with drilldown action I set token that take width panel value. On <style> balise I call #my_pan {width : $my_tok_width_pan$;}

Before Splunk Cloud 2303, It's work. Now It's KO.

I see on Documentation that Splunk add restriction on Dashboard XML for external content HTML <style> balise is on the list.we should disable this protection with 2 variables :

Enable_dashboards_external_content_restriction and Enable_dashboards_redirection_restriction
https://docs.splunk.com/Documentation/SplunkCloud/9.0.2303/Admin/ConfigureDashboardsTrustedDomains#E...

But on documentation, no example has described and variables and stanza doesn't appaer on web-features.conf specification page
https://docs.splunk.com/Documentation/Splunk/9.0.5/Admin/Web-featuresconf#web-features.conf

 

0 Karma

elizabethl_splu
Splunk Employee
Splunk Employee

Hi @romux72 - yes there is a known issue on 9.0.2303 where we see "Awaiting user confirmation" on HTML panels using external images or tokens. The workaround for now would be to remove external images or tokens from the HTML panel. It should be fixed in an upcoming release, and I've just added it to our known issues list (it might take a few moments to show up on the list): SPL-240082. 

If you are on Splunk Cloud, then I believe you do not have access to modify .conf files yourself. In this case, you have two options to allow external content:

  1. Under Settings > Server Settings there is a page where you can edit the Dashboards Trusted Domains list and add the domain/URL for your external image 
  2. You can file a ticket with support to manually adjust your web-features.conf file

romux72
Explorer

Ok, thank you for your answer.

I already make when I have been waiting a response 

* Make the workaround that you explain 🙂. I delete my token for the moment and use thé dépends feature to hide and display my panel.

* Open a case to the support for expose my problem.

 

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...