Re: offload SSL from Splunk Web

tpsplunk · ‎10-05-2011

Is it possible to offload the SSL encryption for the Splunk GUI to another device? For example if I put a load balancer which can do SSL offload in front of my searchhead can i have the LB handle all the SSL for user sessions?

I've tried disabling "SSL in Splunk Web" via GUI->Manager->System Settings->General Settings, but this causes splunk web to issue all page redirects using "http:" instead of "https:" so i'd have to intercept all those and re-write them as https. which seems inefficient. is there a better way?

dwaddle · ‎05-07-2012

The URL rewrite is a practical requirement of SSL offload. Most Load Balancing platforms that provide SSL termination functionality will deal with the URL rewrite fairly simply and efficiently. (Otherwise they'd make poor load balancers) Using Cisco's ACE docs, for example - http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/ssl/gu...

When a client sends encrypted traffic to the ACE in an SSL termination configuration, the ACE terminates the SSL traffic and then sends clear text to the server, which is unaware of the encrypted traffic flowing between the client and the ACE. Using an action list associated with a Layer 7 HTTP load-balancing policy map, you can instruct the ACE to perform the following tasks:

•SSL URL Rewrite—The ACE changes the redirect URL from http:// to https:// in the Location response header from the server before sending the response to the client.

romantercero · ‎05-07-2012

I'm also looking for an answer to this issue. Did you find anything?

thanks!

offload SSL from Splunk Web

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability

Introducing the Splunk Community Dashboard Challenge!