Install and configure your HTTP Proxy Server for splunkd
You can set up an HTTP proxy server for splunkd so that all HTTP/S traffic originating from splunkd flows through the proxy server, making your traffic easier to manage.
Splunk Software officially supports the following HTTP proxy servers:
- Apache Server 2.4
- Apache Server 2.2
- Squid Server 3.5
Note: Splunk Enterprise supports the HTTP CONNECT method for HTTPS requests. TLS proxying is not supported, and the proxy server cannot listen on an SSL port.
Configure Apache Server 2.4
1. Download the latest version of Apache server 2.4 at http://httpd.apache.org/download.cgi.
2. Extract and install it on the machine that will run the proxy server. The following example compiles the server from source.
    gzip -d httpd-2.4.25.tar.gz
    tar xvf httpd-2.4.25.tar
    cd httpd-NN
    ./configure --prefix=$PROXY_HOME
    make install
3. Customize the Apache server httpd.conf file.
    # IP addresses and ports that the server listens to
    Listen 8000
    # Enables forward (standard) proxy requests
    ProxyRequests On
    # This directive toggles the usage of the SSL/TLS Protocol Engine for proxy
    SSLProxyEngine On
    # Ports that are allowed to CONNECT through the proxy
    AllowCONNECT 443
Additional configuration (optional)
Before you configure or disable these values, please read the Apache documentation for additional information.
    # When a proxy is configured to forward requests to a remote SSL server,
    # this setting can configure certificate verification of the remote server
    SSLProxyVerify optional
    # Determines whether the remote server certificate's CN field is compared
    # against the hostname of the request URL
    SSLProxyCheckPeerCN on
    # Turns on host name checking for server certificates when mod_ssl is
    # acting as an SSL client
    SSLProxyCheckPeerName on
    # Enables certificate expiration checking
    SSLProxyCheckPeerExpire on
Configure Apache Server 2.2
1. Download the latest version of Apache server 2.2 at http://httpd.apache.org/download.cgi.
2. Extract and install it on the machine that will run the proxy server. The following example compiles the server from source.
    $ gzip -d httpd-2.2.32.tar.gz
    $ tar xvf httpd-2.2.32.tar
    $ cd httpd-NN
    $ ./configure --prefix="PROXY_HOME" --enable-ssl --enable-proxy --enable-proxy-connect --enable-proxy-http
    $ make install
3. Customize the Apache server's httpd.conf file:
    # This is the list of IP addresses and ports that the server listens to
    Listen 8000
    # Enables forward (standard) proxy requests
    ProxyRequests On
    # This directive toggles the usage of the SSL/TLS Protocol Engine for proxy
    SSLProxyEngine On
    # Ports that are allowed to CONNECT through the proxy
    AllowCONNECT 443
Additional configuration (optional)
Before you modify or disable these settings in your environment, please read the Apache documentation for additional information.
    # When a proxy is configured to forward requests to a remote SSL server,
    # this directive can be used to configure certificate verification for
    # the remote server
    SSLProxyVerify optional
    # Determines whether the remote server certificate's Common Name field is
    # compared against the hostname of the request URL
    SSLProxyCheckPeerCN on
    # Configures host name checking for server certificates when mod_ssl is
    # acting as an SSL client
    SSLProxyCheckPeerName on
    # When turned on, the system checks whether the remote server certificate
    # is expired
    SSLProxyCheckPeerExpire on
Configure Squid 3.5
1. Download the latest version of Squid server 3.5 at http://www.squid-cache.org/Download/.
2. Extract and install the download on the machine that will run the proxy server. The following example compiles Squid server 3.5 from source.
    $ tar xzf squid-3.5.23.tar.gz
    $ cd squid-3.5.23
    $ ./configure --with-openssl
    $ make
    $ make install
3. Configure the Squid server's squid.conf file:
    acl localnet src <configure all possible internal network ports, a new line for each port>
    acl SSL_ports port <configure all acl SSL_ports, a new line for each port>
    # ACL for CONNECT method
    acl CONNECT method CONNECT
    # Port on which the Squid server will listen for requests
    http_port 8000
Additional configuration (optional)
Before you configure or disable these settings in your environment, please read the Squid documentation for additional information.
    # Use this ACL to bypass server certificate validation errors
    # ("deny all" bypasses none)
    sslproxy_cert_error deny all
    # Various flags modifying the use of SSL while proxying https URLs
    # (DONT_VERIFY_PEER accepts certificates that fail verification)
    sslproxy_flags DONT_VERIFY_PEER
    # Location of the host-local IP name-address associations database
    hosts_file PROXY_HOME/hosts
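An added example, not part of the Splunk documentation: a small Python check that reads an httpd.conf (either Apache section above) or a squid.conf and reports settings that conflict with the requirements on this page, namely forward proxying on, CONNECT limited to port 443, no SSL listener, and upstream certificate checks left enabled. It assumes the file configures only the forward proxy; the function names and sample configs are constructed for illustration.

```python
def directives(conf_text):
    """Map each directive (lowercased) to the args of all its occurrences.
    httpd.conf and squid.conf are both line-oriented with '#' comments."""
    found = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):  # skip comments, <Section> tags
            name, *args = line.split()
            found.setdefault(name.lower(), []).extend(a.lower() for a in args)
    return found

def audit_apache(conf_text):
    d, findings = directives(conf_text), []
    if any("=" in args for args in d.values()):
        findings.append("'=' between directive and value is not httpd.conf syntax")
    if d.get("proxyrequests") != ["on"]:
        findings.append("ProxyRequests is not set to On")
    if d.get("allowconnect") != ["443"]:
        findings.append("AllowCONNECT is not limited to port 443")
    if "on" in d.get("sslengine", []):
        findings.append("SSLEngine on: the proxy must not listen on an SSL port")
    for name in ("sslproxycheckpeername", "sslproxycheckpeerexpire"):
        if "off" in d.get(name, []):
            findings.append(name + " off: upstream certificate check disabled")
    return findings

def audit_squid(conf_text):
    d, findings = directives(conf_text), []
    if "http_port" not in d:
        findings.append("no http_port: no plain-HTTP listener for CONNECT")
    if "https_port" in d:
        findings.append("https_port set: the proxy must not listen on an SSL port")
    if any("dont_verify_peer" in a for a in d.get("sslproxy_flags", [])):
        findings.append("DONT_VERIFY_PEER: upstream certificates are not verified")
    return findings

# Constructed sample configs, not taken from a real deployment.
APACHE_OK = "Listen 8000\nProxyRequests On\nSSLProxyEngine On\nAllowCONNECT 443\n"
APACHE_BAD = ("Listen 8000\nProxyRequests On\nSSLProxyEngine = On\n"
              "AllowCONNECT 443 8089\nSSLProxyCheckPeerExpire off\n")
SQUID_BAD = "http_port 8000\nhttps_port 8443\nsslproxy_flags DONT_VERIFY_PEER\n"

if __name__ == "__main__":
    for label, found in (("apache", audit_apache(APACHE_BAD)),
                         ("squid", audit_squid(SQUID_BAD))):
        for finding in found:
            print(label + ": " + finding)
```

To audit a real file, pass its contents, for example `audit_apache(open(path).read())`, where `path` is your own httpd.conf location.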
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2, 9.4.0