Solved: Re: why doesn't splunk work with my reverse proxy?

Chubbybunny · ‎11-27-2012

my current ~/system/local/web.conf is configured as

[settings]
httpport = 8080
mgmtHostPort = 127.0.0.1:28502
root_endpoint = /
enableSplunkWebSSL = true

And my apache httpd.conf

   <"Location/splunksup">
    Order allow,deny 
    Allow from all 
    <"/Location"> 

    ProxyPass / https://192.168.1.1:8080/
    ProxyPassReverse / https:/192.168.1.1:8080/

Masa · ‎11-27-2012

Sorry to be a party-pooper...

This is your scenario;

User Brower <--Non SSL--> Reverse Proxy Server <--- SSL ---> Splunk

In httpd.conf, you need "sslproxyengine on" for this scenario
In web.conf for 4.3.x, we introduced new attributes for web.conf. One of them will make Splunkweb more secure. But, in your scenario, this needs to disabled it.

- web.conf
[settings]
httpport = 8080
mgmtHostPort = 127.0.0.1:28502
root_endpoint = /
enableSplunkWebSSL = true
# This attribute is required for a browser's insecure session 
tools.sessions.secure = False

For more information, please visit a spec file;



 - web.conf.spec

 tools.sessions.secure = [True | False]

    * If set to True and Splunkweb is configured to server requests using HTTPS

      (see the enableSplunkWebSSL setting) then the browser will only transmit 

      the session cookie over HTTPS connections, increasing session security

      * Defaults to True

View solution in original post

Masa · ‎11-27-2012

Sorry to be a party-pooper...

This is your scenario;

User Brower <--Non SSL--> Reverse Proxy Server <--- SSL ---> Splunk

In httpd.conf, you need "sslproxyengine on" for this scenario
In web.conf for 4.3.x, we introduced new attributes for web.conf. One of them will make Splunkweb more secure. But, in your scenario, this needs to disabled it.

- web.conf
[settings]
httpport = 8080
mgmtHostPort = 127.0.0.1:28502
root_endpoint = /
enableSplunkWebSSL = true
# This attribute is required for a browser's insecure session 
tools.sessions.secure = False

For more information, please visit a spec file;



 - web.conf.spec

 tools.sessions.secure = [True | False]

    * If set to True and Splunkweb is configured to server requests using HTTPS

      (see the enableSplunkWebSSL setting) then the browser will only transmit 

      the session cookie over HTTPS connections, increasing session security

      * Defaults to True

jbsplunk · ‎11-27-2012

The reason that Splunk doesn't work with your reverse proxy is that there is a bug where using a reverse proxy w/ SSL enabled will result in redirects to login page, not a successful login(SPL-58866). This is something that has recently been discovered and there is not a fix available at the time. The issue dates back to at least 4.3.4.

Chubbybunny · ‎11-27-2012

thanks JB!!!

why doesn't splunk work with my reverse proxy?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

How to find the worst searches in your Splunk environment and how to fix them

Share Your Feedback: On Admin Config Service (ACS)!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

Join the Conversation