Hello Everyone,
I have a Splunk installation that is externally facing for remote access. After upgrading to 6.2 to fix some issues I now get a blank login screen when i browse to the site externally. Viewing the source code of the page shows a bunch of javascript so I know stuff is being returned from the server however the page appears blank. Internally the splunk login page loads 100% normally and I can access it without any issues. I noticed in the release notes there is mention of 2 new ports being used by 6.2. I was wondering if this had something to do with the situation as I have not done any NAT rules for these ports from the outside. The upgrade notes did not mention this requirement anywhere that I saw. Just wondering if this is an issue anyone else has seen moving up to 6.2?
Thanks in advance for any help you folks can provide!
I've got the same problem (black page with no message) with 6.2 behind a Checkpoint vpnssl in web portal mode.(Firefox browser used)
No problem accessing directly or in tunnel mode via vpnssl.
I don't know if it worked with previous splunk versions.
I'm not using https on splunk on this instance so this is not the problem.(url=http://ip:8000/)
I can see some splunk code rewritten by the vpnssl in the source code so the vpnssl is reaching splunk.
Anybody could access a splunk instance through a Checkpoint vpnssl ?
...Yes. Yes, we did. Sorry, it had been a busy few days and it slipped my mind.
We're using F5 LTM, 11.5.1, hotfix 5
(Hotfix-BIGIP-11.5.1.5.0.147-HF5.iso)
We had set our virtual server to use an SSL certificate with SSLv3 explicitly enabled,
and F5 no longer offers that as an option.
Virtual server reconfigured to use SSL cert with SSLv3 disabled:
Local Traffic >> Virtual Servers : Virtual Server List >> vs_splunk.latrobe.edu.au_443
Disabled SSLv3 in the SSL Certificate / client profile:
Profile >> SSL >> Client
In the SSL certificate profile in question,
select: "Configuration: Advanced"
In the 'ciphers' section, alter:
!EXPORT:!DH:!MD5:RSA+AES:RSA+3DES:RSA+RC4:ECDHE+AES:ECDHE+3DES:ECDHE+RSA:@SPEED
to
DEFAULT
Possibly relevant reading:
https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip
https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15702.html
See if that helps.
Hey bwakely,
So I tired this the other day and unfortunately it's still not working. Are there any other steps you took to correct the issue? I find it interesting that the F5 is a common variable here and I'm wondering if you changed anything on the virtual server for splunk or anything along those lines while troubleshooting? Thanks for the assistance!
Excellent. This is behind an F5 as well. I'll try your solution and let you know how it goes. Thank you very much!
Hi John,
We had the same thing happen here - upgraded to 6.2 from 6.0.3,
restarted the search heads after upgrade,
and the page wouldn't render anything other than a background colour in a browser.
This effect happened when viewing the page through our F5 load-balancers (https/port 443),
it did not happen when viewing the back-end directly (http/port 8000)
yannK's answer to "Upgraded to 6 and the login page for splunk-web is broken"[2] helped - I:
and it eventually rendered properly every time.
--Benji
One little thing you could check as well http://answers.splunk.com/answers/137114/adblock-and-splunkweb.html