lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Raymond Wiker <rwi...@gmail.com>
Subject Re: SOLR Security - Displaying endpoints to public
Date Tue, 07 Jan 2014 08:45:52 GMT
Indeed it is - but you'll also need mod_proxy ("just" rewriting will not be
sufficient).


On Tue, Jan 7, 2014 at 3:42 AM, Otis Gospodnetic <otis.gospodnetic@gmail.com
> wrote:

> Apache url_rewrite can help with this and it's only a few minutes to set
> up.
>
> Otis
> --
> Performance Monitoring * Log Analytics * Search Analytics
> Solr & Elasticsearch Support * http://sematext.com/
>
>
> On Mon, Jan 6, 2014 at 12:55 PM, Developer <bbarani@gmail.com> wrote:
>
> > Hi,
> >
> > We are currently showing the SOLR endpoints to the public when using our
> > application (public users would be able to view the SOLR endpoints
> > (/select)
> > and the query in debugging console).
> >
> > I am trying to figure out if there is any security threat in terms of
> > displaying the endpoints directly in internet. We have disabled the
> update
> > handler in production so I assume writes / updates are not possible.
> >
> > The below URL mentions a point 'Solr does not concern itself with
> security
> > either at the document level or the communication level. It is strongly
> > recommended that the application server containing Solr be firewalled
> such
> > the only clients with access to Solr are your own.'
> >
> > Is the above statement true even if we just display the read-only
> endpoints
> > to the public users? Can someone please advise?
> >
> > http://wiki.apache.org/solr/SolrSecurity
> >
> >
> >
> > --
> > View this message in context:
> >
> http://lucene.472066.n3.nabble.com/SOLR-Security-Displaying-endpoints-to-public-tp4109792.html
> > Sent from the Solr - User mailing list archive at Nabble.com.
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message