Project

General

Profile

Cloud Support » History » Version 3

Luke Murphey, 06/08/2022 05:14 PM

1 1 Luke Murphey
h1. Cloud Support
2 1 Luke Murphey
3 3 Luke Murphey
Website Monitoring will not allow users on Splunk Cloud to create inputs that are not using SSL (they are restricted to monitoring HTTPS). If someone wants to monitor an HTTP site, they need to run a forwarder outside of Splunk's Cloud environment. The app will still allow the creation of HTTP inputs on non-Cloud installs. If you attempt to test it on a non-Cloud install then you will find it will allow the creation of inputs without HTTPS; but this does not mean that the app allows this when on cloud.
4 1 Luke Murphey
5 3 Luke Murphey
You can test this yourself on a local install by setting instanceType to Cloud in @$SPLUNK_HOME/etc/system/local/server.conf@ (see https://community.splunk.com/t5/Developing-for-Splunk-Enterprise/How-do-I-programmatically-determine-if-my-app-is-running-on/m-p/312077):
6 1 Luke Murphey
7 3 Luke Murphey
<pre>
8 3 Luke Murphey
[general]
9 3 Luke Murphey
instanceType = cloud
10 3 Luke Murphey
</pre>
11 3 Luke Murphey
12 3 Luke Murphey
If you attempt to make an input with an HTTP protocol on a Splunk Cloud environment, you will see the following message:
13 3 Luke Murphey
14 3 Luke Murphey
!HTTP_not_allowed.jpg!
15 3 Luke Murphey
16 3 Luke Murphey
h2. How this is enforced
17 3 Luke Murphey
This is enforced in the backend code in the modular input (https://github.com/LukeMurphey/splunk-website-monitoring/blob/master/src/bin/web_ping.py) which will reject attempts to make an input that uses HTTP on Splunk Cloud and will refuse to run inputs on Cloud (in case the user created an input manually via inputs.conf).
18 3 Luke Murphey
19 3 Luke Murphey
See the following line in web_ping.py shows that the URL field is set to require HTTPS if on cloud:
20 3 Luke Murphey
21 1 Luke Murphey
<pre><code class="python">
22 2 Luke Murphey
URLField("url", "URL", "The URL to connect to (must be be either HTTP or HTTPS protocol)", empty_allowed=False, require_https_on_cloud=True),
23 2 Luke Murphey
</code></pre>
24 2 Luke Murphey
25 3 Luke Murphey
The base class determines if the environment is a cloud instance by checking the server-info endpoint ("splunk-modular-input/server_info.py":https://github.com/LukeMurphey/splunk-modular-input/blob/fbc464bc8e2116c756dc5c68922114387924ce9e/src/modular_input_base_class.py#L495). This is then used in the modular input base class to make a determination if it is on cloud ("splunk-modular-input/modular_input_base_class.py":https://github.com/LukeMurphey/splunk-modular-input/blob/fbc464bc8e2116c756dc5c68922114387924ce9e/src/modular_input_base_class.py#L495).