Project

General

Profile

Cloud Support

Website Monitoring will not allow users on Splunk Cloud to create inputs that are not using SSL (they are restricted to monitoring HTTPS). If someone wants to monitor an HTTP site, they need to run a forwarder outside of Splunk's Cloud environment. The app will still allow the creation of HTTP inputs on non-Cloud installs. If you attempt to test it on a non-Cloud install then you will find it will allow the creation of inputs without HTTPS; but this does not mean that the app allows this when on cloud.

You can test this yourself on a local install by setting instanceType to Cloud in $SPLUNK_HOME/etc/system/local/server.conf (see https://community.splunk.com/t5/Developing-for-Splunk-Enterprise/How-do-I-programmatically-determine-if-my-app-is-running-on/m-p/312077):

[general]
instanceType = cloud

If you attempt to make an input with an HTTP protocol on a Splunk Cloud environment, you will see the following message:

How this is enforced

This is enforced in the backend code in the modular input (https://github.com/LukeMurphey/splunk-website-monitoring/blob/master/src/bin/web_ping.py) which will reject attempts to make an input that uses HTTP on Splunk Cloud and will refuse to run inputs on Cloud (in case the user created an input manually via inputs.conf).

See the following line in web_ping.py shows that the URL field is set to require HTTPS if on cloud:

URLField("url", "URL", "The URL to connect to (must be be either HTTP or HTTPS protocol)", empty_allowed=False, require_https_on_cloud=True),

The base class determines if the environment is a cloud instance by checking the server-info endpoint (splunk-modular-input/server_info.py). This is then used in the modular input base class to make a determination if it is on cloud (splunk-modular-input/modular_input_base_class.py).

HTTP_not_allowed.jpg View (50.7 KB) Luke Murphey, 06/08/2022 05:13 PM