Date: Fri, 7 Sep 2012 10:58:53 +0200
From: Tomas Zerolo
Subject: Re: SOLR 4.0 / Jetty Security Set Up

On Fri, Sep 07, 2012 at 08:50:58AM +0200, Paul Libbrecht wrote:
> Erick,
>
> I think that should be described differently...
> You need to set-up protected access for some paths.
> /update is one of them.
> And you could make this protected at the jetty level or using Apache proxies and rewrites.

So you'd advise always putting an Apache in front of Jetty?

> Probably /select should be kept open

As far as I understand [1], it's better to close /select (because you can
easily make an admin or update out of it, by e.g. doing a /select?qt=/admin
or /select?qt=/update)

> but you need to evaluate if that can get you
> in DoS attacks if there are too big selects. If that is the case, you're left to
> programme an interface all by yourself which limits and fetches from solr, or which
> lives inside solr (a query component) and throws if things are too big.

[1]

Regards
-- 
Tomás Zerolo
Axel Springer AG
Axel Springer media Systems
BILD Produktionssysteme
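The qt rerouting described in the message above can be checked for in access logs before deciding whether /select may stay open. This is an added example, not part of the original message or of Solr: the function names, the Common Log Format input and the protected-handler list (taken from the /admin and /update paths named in the thread) are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed policy for this example: these handlers require authentication.
PROTECTED = {"admin", "update"}

def reached_handlers(request_uri):
    """List the handlers a Solr request URI can reach: the handler named by
    the path, plus any path-style handler selected through a qt parameter."""
    parts = urlsplit(request_uri)
    handlers = [parts.path]
    # parse_qs percent-decodes values (qt=%2Fupdate becomes /update) and
    # keeps repeated parameters, so every qt value is inspected.
    for qt in parse_qs(parts.query, keep_blank_values=True).get("qt", []):
        if qt.startswith("/"):
            handlers.append(qt)
    return handlers

def needs_auth(request_uri):
    """True if the path or a qt value leads to a protected handler."""
    for handler in reached_handlers(request_uri):
        if PROTECTED.intersection(handler.split("/")):
            return True
    return False

def audit(log_lines):
    """Return request URIs from access-log lines that reach a protected
    handler by way of /select, i.e. the qt rerouting the message describes."""
    flagged = []
    for line in log_lines:
        try:
            # Common Log Format: ... "GET /uri HTTP/1.1" status size
            _method, uri, _proto = line.split('"')[1].split(" ", 2)
        except (IndexError, ValueError):
            continue  # malformed line, nothing to parse
        if urlsplit(uri).path.rstrip("/").endswith("/select") and needs_auth(uri):
            flagged.append(uri)
    return flagged

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '10.0.0.5 - - [07/Sep/2012:10:58:53 +0200] "GET /solr/select?q=title:foo HTTP/1.1" 200 512',
    '10.0.0.9 - - [07/Sep/2012:10:59:01 +0200] "GET /solr/select?qt=/update&commit=true HTTP/1.1" 200 80',
    '10.0.0.9 - - [07/Sep/2012:10:59:02 +0200] "GET /solr/select?q=*:*&qt=%2Fadmin%2Fcores HTTP/1.1" 200 90',
    '10.0.0.7 - - [07/Sep/2012:10:59:05 +0200] "GET /solr/select?q=a&qt=dismax HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for uri in audit(SAMPLE_LOG):
        print("qt reroute to protected handler:", uri)
```

The same `needs_auth` decision can back a front-end filter, so that a path-only rule on /update and /admin is not the sole control.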