offload SSL from Splunk Web


Is it possible to offload the SSL encryption for the Splunk GUI to another device? For example if I put a load balancer which can do SSL offload in front of my searchhead can i have the LB handle all the SSL for user sessions?

I've tried disabling "SSL in Splunk Web" via GUI->Manager->System Settings->General Settings, but this causes splunk web to issue all page redirects using "http:" instead of "https:" so i'd have to intercept all those and re-write them as https. which seems inefficient. is there a better way?


The URL rewrite is a practical requirement of SSL offload. Most Load Balancing platforms that provide SSL termination functionality will deal with the URL rewrite fairly simply and efficiently. (Otherwise they'd make poor load balancers) Using Cisco's ACE docs, for example -

When a client sends encrypted traffic to the ACE in an SSL termination configuration, the ACE terminates the SSL traffic and then sends clear text to the server, which is unaware of the encrypted traffic flowing between the client and the ACE. Using an action list associated with a Layer 7 HTTP load-balancing policy map, you can instruct the ACE to perform the following tasks:

•SSL URL Rewrite—The ACE changes the redirect URL from http:// to https:// in the Location response header from the server before sending the response to the client. 

Path Finder

I'm also looking for an answer to this issue. Did you find anything?


0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) v3.54.0

The Splunk Threat Research Team (STRT) recently released Enterprise Security Content Update (ESCU) v3.54.0 and ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...