lucene-solr-user mailing list archives

From Raheel Hasan <raheelhasan....@gmail.com>
Subject Re: securing Solr Admin
Date Tue, 22 Oct 2013 18:20:24 GMT
ok that's very knowledgeable... thanks..

I will try to put a firewall to prevent some access...

What I was looking for was some global & simple setting (like in the core
setting) that prevents access to certain ip... or an htaccess type settings
allowed for the core... But I guess that's not part of Solr..




On Tue, Oct 22, 2013 at 10:52 PM, Raymond Wiker <rwiker@gmail.com> wrote:

> On Oct 22, 2013, at 19:29 , Shawn Heisey <solr@elyograg.org> wrote:
> > On 10/22/2013 8:09 AM, Raheel Hasan wrote:
> >> This sounds like trouble.
> >>
> >> I have used Solr in my script (php) such that I curl it for query (using
> >> "solr/automata/select?q="). If I make it completely off-public, how will my
> >> own site access it?
> >>
> >> Is there any parameter to prevent access by "REMOTE_ADDR"?
> >
> > The basic design intent with Solr is this:
> >
> > 1) A set of servers that handle your website or other application that
> > uses Solr.
> > 2) A set of servers that handle Solr.
> > 3) A firewall that allows only relevant traffic from the end users (or
> > the internet) to reach the webservers on appropriate ports.  Only trusted
> > administrators can reach the Solr servers. If the websites and Solr are not
> > on the same network, the firewalling should allow the website servers to
> > talk freely to Solr on Solr's port.
> >
> > This means that you can't have purely javascript-driven search boxes,
> > unless the javascript sends the search request to code on the webserver
> > which cleans it up and constructs a Solr query from it.
> >
> > Side issue: There are PHP packages for talking to Solr in an
> > object-oriented way, rather than crafting the URLs yourself and using
> > curl.  Here are some examples:
> >
> > http://pecl.php.net/package/solr
> > http://www.solarium-project.org/
> >
> > I don't write PHP code myself, but it is usually a lot easier to deal
> > with a Solr API than making URLs yourself and parsing the responses.
> >
> > Thanks,
> > Shawn
> >
>
> I have numerous search applications that only involve SOLR, jQuery,
> Apache... and two additional server processes, one of which does query
> validation, adds filtering and does an XSL transform of the search results,
> while the other does a number of application-specific support tasks. No
> SOLR API, except for HTTP.
>
> The most recent search interface I did uses "solrstrap" to do most of the
> UI work.
>
> In summary: No problem making a search interface that runs as a single web
> page.
>
>
>


-- 
Regards,
Raheel Hasan
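
The arrangement described in the quoted replies (webserver code that cleans the search input and constructs the Solr query itself), as an added example that is not part of the original thread or of Solr. The internal Solr address, the `published:true` filter and the limits are assumptions; the `automata` core name comes from the thread.

```php
<?php
// Added example: webserver-side gateway between a public search box and Solr.
// Assumed values: internal Solr address, the published:true filter, the limits.
const SOLR_SELECT   = 'http://10.0.0.5:8983/solr/automata/select';
const MAX_ROWS      = 50;
const MAX_START     = 1000;
const MAX_QUERY_LEN = 200;

// Backslash-escape Lucene query syntax so user text is searched as plain terms.
function escape_solr_term(string $text): string
{
    $text = preg_replace('/([+\-&|!(){}\[\]^"~*?:\\\\\/])/', '\\\\$1', $text);
    // In the standard query parser AND / OR / NOT are operators only in
    // upper case, so lower-case them (arrow function needs PHP 7.4+).
    return preg_replace_callback('/\b(AND|OR|NOT)\b/',
        fn(array $m): string => strtolower($m[1]), $text);
}

// Read an integer parameter, falling back to a default and clamping to a range.
function clamp_int($value, int $default, int $min, int $max): int
{
    $n = is_numeric($value) ? (int)$value : $default;
    return max($min, min($max, $n));
}

// Build the only kind of request this site sends to Solr.
function build_solr_url(array $input): string
{
    $q = $input['q'] ?? null;
    if (!is_string($q) || trim($q) === '' || strlen($q) > MAX_QUERY_LEN) {
        throw new InvalidArgumentException('q is missing, not text, or too long');
    }
    // Fixed allow-list: parameters the client sent under any other name
    // never reach Solr, and the handler path is not client-controlled.
    $params = [
        'q'     => escape_solr_term(trim($q)),
        'fq'    => 'published:true',   // assumed site-wide filter
        'rows'  => clamp_int($input['rows'] ?? null, 10, 1, MAX_ROWS),
        'start' => clamp_int($input['start'] ?? null, 0, 0, MAX_START),
        'wt'    => 'json',
    ];
    return SOLR_SELECT . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

// Constructed input standing in for $_GET from the search box.
$sample = ['q' => 'title:(solr) OR *:*', 'rows' => '100000', 'extra' => 'dropped'];
echo build_solr_url($sample), PHP_EOL;
```

The firewall rule from the thread still applies: only the webserver running this code should be able to reach Solr's port.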
