Solved: How to protect Splunk login page from Brute force ...

omoulene · ‎08-18-2015

I have to check if Splunk is compliant with the security rules at my company.
I tried to login 10 times into Splunk with an invalid password, and it didn’t lock me out.

Is there a way to limit the number of failed login attempts per user?

tskinnerivsec · ‎08-18-2015

The best approach would be to front-end the Splunk web interface with a reverse proxy that you can apply your desired policies to. A squid reverse proxy with mod_security used would be a good way to start. I've also had good success with Juniper MAG devices (or the older Juniper SA devices)

View solution in original post

tskinnerivsec · ‎08-18-2015

The best approach would be to front-end the Splunk web interface with a reverse proxy that you can apply your desired policies to. A squid reverse proxy with mod_security used would be a good way to start. I've also had good success with Juniper MAG devices (or the older Juniper SA devices)

How to protect Splunk login page from Brute force attacks? Is there a way to limit the number of failed login attempts per user?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

Are you a member of the Splunk Community?

How to protect Splunk login page from Brute force attacks? Is there a way to limit the number of failed login attempts per user?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine