# FreeBSD v9 -> ProxyPass -> Splunk



## AlbyVA (Jan 31, 2013)

So I've installed (Splunk) to monitor and search my log files, which is a great tool. Except that going from a Trial License to a Free License has removed all user/login accounts and enabled Splunk to be open to the world. Not Cool.

Absent paying Splunk for an Enterprise License, one of the only possible ways to block outside traffic is to set up a proxy filter on my box to restrict access. Now I looked into this issue and discovered (httpd-vhosts.conf) under /usr/local/etc/apache22/extra/ and added:


```
<VirtualHost *:80>
       # do proxied Splunk
       ProxyPass / http://server_name:8000/
       ProxyPassReverse / http://server_name:8000/
</VirtualHost>
```


I also uncommented (Include etc/apache22/extra/httpd-vhosts.conf) in the /usr/local/etc/apache22/httpd.conf and reloaded Apache. After doing that, I got the following error:


```
Performing sanity check on apache22 configuration:
Syntax error on line 46 of /usr/local/etc/apache22/extra/httpd-vhosts.conf:
Invalid command 'ProxyPass', perhaps misspelled or defined by a module not included in the server configuration
```


So it would appear that my Apache setup is missing the ability to understand ProxyPass and most likely ProxyPassReverse. So my question is, how do I go about updating my system to support these two functions in order to filter my Splunk URL?

Thanks,
Alby


----------



## gkontos (Jan 31, 2013)

You need to recompile www/apache22 with mod_proxy. 

That said, be *EXTRA CAREFUL* on how you are going to configure this because you might end up being an open proxy. 

TIPS:


```
ProxyRequests Off

# Block all requests
<Proxy *>
  Order deny,allow
  Deny from all
</Proxy>

<VirtualHost *:80>

    ServerName server_name

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPass / http://server_name:8000/
    ProxyPassReverse / http://server_name:8000/

</VirtualHost>
```


----------
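The IP restriction this thread is after, shown as an added example that is not part of any original post: an Apache 2.2 vhost with a common permissive mistake (commented out) beside a deny-by-default form. The range 192.0.2.0/24 is a constructed placeholder for the trusted network, and `server_name` is the thread's own placeholder.

```apache
# Added example for Apache 2.2 (www/apache22) access-control syntax.
# Requires mod_proxy and mod_proxy_http to be built and loaded.
# 192.0.2.0/24 is a placeholder (documentation range), not a value from the thread.

# Reverse proxy only: never service forward-proxy requests from clients.
ProxyRequests Off

<VirtualHost *:80>
    ServerName server_name

    # PERMISSIVE (do not use): looks like an IP lock, but is not one.
    # With "Order deny,allow" the default is ALLOW. Without an explicit
    # "Deny from all", clients that match no Allow line still fall
    # through to that default and get in.
    #<Proxy *>
    #    Order deny,allow
    #    Allow from 192.0.2.0/24
    #</Proxy>

    # RESTRICTIVE: Deny rules are evaluated first and match everyone,
    # then the Allow line re-admits only the trusted network.
    <Proxy *>
        Order deny,allow
        Deny from all
        Allow from 192.0.2.0/24
    </Proxy>

    ProxyPass        / http://server_name:8000/
    ProxyPassReverse / http://server_name:8000/
</VirtualHost>

# The proxy only restricts what passes through port 80. If Splunk's own
# port 8000 is still reachable from outside, clients can bypass this
# vhost entirely, so that port must be firewalled or bound locally.
```

After reloading, a request to the vhost from an address outside the allowed range should return 403 Forbidden, while one from inside it should reach the Splunk UI.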



## chatwizrd (Jan 31, 2013)

I misconfigured mine once and thought I locked it down to IP and my syntax must have been wrong and I had thousands of connections within 24 hours. That sucked big time.


----------



## AlbyVA (Jan 31, 2013)

Thanks. I'll recompile Apache with mod_proxy.


----------

