lucene-solr-user mailing list archives

From Tomas Zerolo <tomas.zer...@axelspringer.de>
Subject Re: SOLR 4.0 / Jetty Security Set Up
Date Fri, 07 Sep 2012 08:58:53 GMT
On Fri, Sep 07, 2012 at 08:50:58AM +0200, Paul Libbrecht wrote:
> Erick,
> 
> I think that should be described differently...
> You need to set-up protected access for some paths.
> /update is one of them.
> And you could make this protected at the jetty level or using Apache proxies and rewrites.

So you'd advise always putting an Apache in front of Jetty?

> Probably /select should be kept open

As far as I understand [1], it's better to close /select (because you can
easily make an admin or update out of it, by e.g. doing a /select?qt=/admin
or /select?qt=/update)

>                                      but you need to evaluate if that can get you
> in DoS attacks if there are too big selects. If that is the case, you're left to
> programme an interface all by yourself which limits and fetches from solr, or which
> lives inside solr (a query component) and throws if things are too big.

[1] <http://wiki.apache.org/solr/SolrSecurity#Path_Based_Authentication>

Regards
-- 
Tomás Zerolo
Axel Springer AG
Axel Springer media Systems
BILD Produktionssysteme
Axel-Springer-Straße 65
10888 Berlin
Tel.: +49 (30) 2591-72875
tomas.zerolo@axelspringer.de
www.axelspringer.de

Axel Springer AG, registered office Berlin, District Court of Charlottenburg, HRB 4998
Chairman of the Supervisory Board: Dr. Giuseppe Vita
Executive Board: Dr. Mathias Döpfner (Chairman)
Jan Bayer, Ralph Büchi, Lothar Lanz, Dr. Andreas Wiele
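
The following is an added example, not part of the original message: a log check that finds /select requests whose qt parameter names another handler path, the case the message gives as the reason to close /select. The /solr prefix, the log format and the log lines are constructed assumptions, and only qt values beginning with "/" are flagged, matching the two examples in the message.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (assumed format), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [07/Sep/2012:08:50:01 +0000] "GET /solr/select?q=title:foo&rows=10 HTTP/1.1" 200 512
10.0.0.9 - - [07/Sep/2012:08:50:07 +0000] "GET /solr/select?q=*:*&qt=/update HTTP/1.1" 200 80
10.0.0.9 - - [07/Sep/2012:08:50:09 +0000] "GET /solr/select?qt=%2Fadmin&q=x HTTP/1.1" 200 80
10.0.0.7 - - [07/Sep/2012:08:51:00 +0000] "GET /solr/select?q=x&qt=dismax HTTP/1.1" 200 300
10.0.0.7 - - [07/Sep/2012:08:51:30 +0000] "POST /solr/update HTTP/1.1" 401 0
"""

# Pulls the request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def rerouted_handler(target):
    """Return the handler path a /select request names in qt, or None."""
    parts = urlsplit(target)
    if not parts.path.rstrip("/").endswith("/select"):
        return None
    # parse_qs percent-decodes, so qt=%2Fupdate is caught as well;
    # every qt value is checked because the parameter may be repeated.
    for value in parse_qs(parts.query, keep_blank_values=True).get("qt", []):
        value = value.strip()
        if value.startswith("/"):
            return value
    return None


def find_rerouted(log_text):
    """Return (client, handler) for each /select request rerouted via qt."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line in the assumed format
        handler = rerouted_handler(match.group("target"))
        if handler:
            hits.append((line.split()[0], handler))
    return hits


if __name__ == "__main__":
    for client, handler in find_rerouted(SAMPLE_LOG):
        print(f"{client} reached {handler} through /select")
```

Hits in such a log show that a path-based rule on /update or /admin alone did not cover the request, since the protected path never appeared in the URL path.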
