Solved: Is it possible to use IP white listing to restrict...

mohlatif · ‎08-26-2019

I would prefer that the search heads not be visible to everyone on the internet. Is it possible to restrict the ability to log in to only people within a certain IP range of a corporate network?

DavidHourani · ‎08-26-2019

Hi @mohlatif,

This can be done easily by implementing the right firewall rules.

Contact your Splunk cloud support to ask for that config.

Cheers,
David

View solution in original post

saravanan90 · ‎10-19-2020

Please check the "acceptFrom" parameter from web.conf

acceptFrom = <network_acl> ...

* Lists a set of networks or addresses from which to accept connections.
* Separate multiple rules with commas or spaces.
* Each rule can be in one of the following formats:
    1. A single IPv4 or IPv6 address (examples: "10.1.2.3", "fe80::4a3")
    2. A Classless Inter-Domain Routing (CIDR) block of addresses
       (examples: "10/8", "192.168.1/24", "fe80:1234/32")
    3. A DNS name, possibly with a "*" used as a wildcard
       (examples: "myhost.example.com", "*.splunk.com")
    4. "*", which matches anything
* You can also prefix an entry with '!' to cause the rule to reject the
  connection. The input applies rules in order, and uses the first one that
  matches.
  For example, "!10.1/16, *" allows connections from everywhere except
  the 10.1.*.* network.
* Default: "*" (accept from anywhere)

DavidHourani · ‎08-26-2019

Hi @mohlatif,

This can be done easily by implementing the right firewall rules.

Contact your Splunk cloud support to ask for that config.

Cheers,
David

Is it possible to use IP white listing to restrict user access to Splunk Cloud from only within a corporate network?

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector