http://slashdir.com/securing-splunk-free/
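I did it like this in Apache:
# Reverse proxy: Apache listens on port 80 and forwards to Splunk on loopback
<VirtualHost *:80>
    ServerAdmin evotech@slashdir.com
    ServerAlias splunk.slashdir.com
    ProxyPass / http://127.0.0.1:8008/
    ProxyPassReverse / http://127.0.0.1:8008/
</VirtualHost>
<Proxy http://127.0.0.1:8008/*>
    # With "Order deny,allow" the Allow overrides the Deny, so every host
    # passes the host check and access rests on the Basic auth below
    Order deny,allow
    Deny from all
    Allow from all
    AuthName "splunk"
    AuthType Basic
    AuthUserFile /home/evotech/public_www/.htpasswd
    Require valid-user
</Proxy>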
This, combined with a firewall rule that blocks HTTP for everyone but loopback on your Splunk port (port 8008 for me), makes sure that I can have a login for Splunk Free.
sudo iptables -A INPUT -s 127.0.0.1 -p tcp --dport 8008 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 8008 -j DROP
Although I still think it's insanely stupid to have to do it this way, it works.
Please include an admin user and password at the very least so people can block their free versions from a potential attacker. Even if it is just my personal server that I use for various owned domains and services, I don't want everyone to see all my logs; huge security issue.
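Both firewall rules in the post are appended with `-A`, so an ACCEPT that already sits earlier in the INPUT chain would match first and leave the DROP unreachable. The following added example (not part of the original post) checks `iptables -S INPUT` output for that case; the function name and the sample rule sets are constructed for illustration, and the rule model is simplified as noted in the comments.

```shell
#!/bin/sh
# Added example. Reads `iptables -S INPUT` output on stdin and returns 0 if a new,
# non-loopback TCP connection to PORT reaches DROP/REJECT before any ACCEPT, else 1.
# Assumption: simplified first-match model. Only -s, -i, -p, --dport, --state/--ctstate
# and -j are read; negated matches are treated conservatively; custom chains are ignored.
check_port_lockdown() {
    awk -v port="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        src = iface = proto = dport = state = target = ""; neg = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "!") neg = 1
            else if ($i == "-s") src = $(i + 1)
            else if ($i == "-i") iface = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (neg) {                       # negation not modelled: assume the worst
            if (target == "ACCEPT") { verdict = "exposed"; exit }
            next
        }
        if (src ~ /^127\./ || iface == "lo") next      # loopback-only rule
        if (proto != "" && proto != "tcp") next         # other protocol
        if (dport != "" && dport != port) next          # other port
        if (state != "" && state !~ /NEW/) next         # established traffic only
        if (target == "ACCEPT") { verdict = "exposed"; exit }
        if ((target == "DROP" || target == "REJECT") && src == "" && iface == "") {
            verdict = "locked"; exit
        }
    }
    END {
        if (verdict == "") verdict = (policy == "DROP") ? "locked" : "exposed"
        exit (verdict == "locked" ? 0 : 1)
    }'
}

# Constructed sample: the chain as listed after the two rules from the post
SAMPLE_OK='-P INPUT ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 8008 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8008 -j DROP'
# Constructed sample: an earlier broad ACCEPT shadows the appended DROP
SAMPLE_SHADOWED='-P INPUT ACCEPT
-A INPUT -p tcp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8008 -j DROP'
printf '%s\n' "$SAMPLE_OK" | check_port_lockdown 8008 && echo "sample 1: locked down"
printf '%s\n' "$SAMPLE_SHADOWED" | check_port_lockdown 8008 || echo "sample 2: exposed"
```

On a live host the input would come from `sudo iptables -S INPUT | check_port_lockdown 8008`.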