Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

problem in removing "Continue with external content?" warning

dorHerbesman
Explorer
2 weeks ago

i have a problem with the mention warning on my search head:(attached photo)

dorHerbesman_0-1733928036973.png

i tried following the guide here:
Configure Dashboards Trusted Domains List - Splunk Documentation
and run :
curl -k -u admin:$password$ https://tsplunk.elbitsystems.com:8000/servicesNS/nobody/system/web-features/feature:dashboards_csp -d dashboards_trusted_domain.exampleLabel=http://jenkins/
and got: 
curl: (56) Received HTTP code 403 from proxy after CONNECT
i tried running it on the splunk master and on some of the search heads and it didn't work.
also tried 
editting :
/etc/system/local/web.conf with:
[settings]
dashboards_trusted_domains = http://jenkins https://jenkins
and still the same error

 

what am i doing wrong?

thanks in advanced to helpers!

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
2 weeks ago

Hi @dorHerbesman ,

at first, you must edit the web-features.conf file not web.conf.

Then you should try a value for each row:

[feature:dashboards_csp]
enable_dashboards_external_content_restriction = true
enable_dashboards_redirection_restriction = true
dashboards_trusted_domain.endpoint1 = http://jenkins
dashboards_trusted_domain.endpoint2 = https://jenkins

as you can read at https://docs.splunk.com/Documentation/Splunk/9.3.2/Admin/Web-featuresconf#web-features.conf.example

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
2 weeks ago

Hi @dorHerbesman ,

at first, you must edit the web-features.conf file not web.conf.

Then you should try a value for each row:

[feature:dashboards_csp]
enable_dashboards_external_content_restriction = true
enable_dashboards_redirection_restriction = true
dashboards_trusted_domain.endpoint1 = http://jenkins
dashboards_trusted_domain.endpoint2 = https://jenkins

as you can read at https://docs.splunk.com/Documentation/Splunk/9.3.2/Admin/Web-featuresconf#web-features.conf.example

Ciao.

Giuseppe

Reply
Solved! Jump to solution

dorHerbesman
Explorer
Monday
i have tried pasting your code into /opt/splunk/etc/system/local/web.features.conf of my splunk master instance and restarting it (including rolling-restart) and no luck. maybe i should put it somewhere in my shcluster/apps? any other suggestion?
0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
Monday

Hi @dorHerbesman ,

beware web-features.conf not web.features.conf, but maybe it's a mistyping.

Anyway, what do you mean with Splunk master instance?

you have to do this on the Search Heads, not on other instances.

Ciao.

Giuseppe

 

0 Karma
Reply
Solved! Jump to solution

dorHerbesman
Explorer
Monday

i did it on each search head separately and it worked!

too bad there's no way to do it from the master and deploy it them but atleast it works.

thanks for the help!

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...