Security

How do you produce access denied errors instead of 404s?

Motivator

When my users click on things they do not have permissions for, they get a 404 error with a picture of a... donkey? horse?

I have had probably half a dozen (and my company is not huge) of my users come to me within recent memory and tell me there is an error with our Splunk instance because they get the 404 errors. And I have to be like "no, you just don't have permissions"

How can I produce access denied errors instead, to solve this issue? I don't want to edit all 404s, only access denied 404s.

https://answers.splunk.com/answers/718365/how-do-you-edit-a-custom-message-in-a-404-page-of.html
https://answers.splunk.com/answers/671296/how-to-not-show-the-apps-not-found-page-as-shown-b.html#an...
https://answers.splunk.com/answers/83730/custom-http-error-page-for-splunk-web.html
https://answers.splunk.com/answers/287840/how-to-configure-splunk-error-pages-messages-like.html

0 Karma

Motivator

If you want to edit the page that is shown for these 404s (that is, the page that is shown both for 404s AND what are SUPPOSED to actually be 403s), you can edit lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/error.py. However I am not posting this as an answer because we as developers should NOT have to give our users a "we don't know what this error really is, so we're just going to give you a message that says either there is an error OR there are permissions issues" message. Splunk needs to just fix the problem and properly differentiate between 403s and 404s. I don't know how this isn't a massive issue for everyone else who uses Splunk; my company is small-medium sized and I still have had so many complaints about this

0 Karma

SplunkTrust
SplunkTrust

Not sure why your users are getting the OPTION to click on things they don't have access to. Most installations that I've been to, that's not a thing.

You might want to get on the Splunk Slack channel, go to the "where do I ask" channel, and follow the directions down there to get some feedback on what you are doing. It might be that there's an easy architectural solution that no one thought to mention to you.

0 Karma

Builder
  1. That's Buttercup the pony. Buttercup is a recurring theme in Splunk stuff.
  2. I can reproduce what you saw. A 404 error is produced when it should be a 403 for permissions. Even the screen reads in the top left corner (404 error).
  3. I don't know a current workaround. To me, this is a bug
###

If this reply helps you, an upvote would be appreciated.
0 Karma