My Enterprise Trial license was just about to expire, so I applied the "free" license. Since there is no authentication in free, I'd like to only be able access Splunk Web from the server running Splunk itself. However, I can still get to it from my workstation remotely.
This is running on Windows Server 2008 (64 bit). I'm running Splunk 4.1.6.
Here's my server.conf in $SPLUNK_HOME\etc\system\local\server.conf. I restarted Splunk after modifying this file.
[general]
serverName = #removed#
allowRemoteLogin = never
[sslConfig]
sslKeysfilePassword = #removed#
That only affects login to splunkd the server, not SplunkWeb, the web interface. In order to limit access to SplunkWeb, you should set the server.socket_host
setting in web.conf to 127.0.0.1
(or the address of some other local-only interface).
That only affects login to splunkd the server, not SplunkWeb, the web interface. In order to limit access to SplunkWeb, you should set the server.socket_host
setting in web.conf to 127.0.0.1
(or the address of some other local-only interface).