lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shay Sofer <sha...@checkpoint.com>
Subject RE: Solr authentication
Date Tue, 04 Nov 2014 13:49:51 GMT
Thanks for the quick response.

	1.  I'm using Solr with Jetty.
	2. I'm using Java to access Solr, so I need a way to pass / add this authentication as well.




-----Original Message-----
From: Tim Dunphy [mailto:bluethundr@gmail.com] 
Sent: Tuesday, November 04, 2014 3:22 PM
To: solr-user@lucene.apache.org
Subject: Re: Solr authentication

Hi Shay,

I'm new to using Solr myself. But what I've done to solve this problem is to run Solr via
Tomcat. Then I put Apache in front of Tomcat using mod_jk and made Solr accessible via SSL
on port 443. I also put basic authentication in front of Apache. That way you have to enter
a username and password to log in.

Then I made port 8080 (the native port for Apache Tomcat) inaccessible using the firewall.
So that the only way to access the Solr instance was through Apache and entering your password.
With everything going over SSL. It's very secure.

>From what I read about Solr, there are no security considerations (such as using a password
for access) built in. So the only way to achieve some level of security without doing what
I just did is to secure it with a firewall. Making your Solr instance accessible only from
certain IPs. Please someone correct me if I'm wrong about that.

But the way I did it with running Solr with Apache and SSL and mod_jk over tomcat is pretty
easy. If you google it you will find plenty of useful guides out there on how to do this.
I'd recommend taking that approach.

Tim

Sent from my iPhone

> On Nov 4, 2014, at 7:53 AM, Shay Sofer <shayso@checkpoint.com> wrote:
> 
> Hi,
> 
> I want that my Solr web connection will be protected by username and password.
> 
> When someone try to get to - 1.1.1.1:8983/Solr, he can do it only after login (with known
users).
> 
> Is it possible ?
> 
> Thanks,
> Shay.

Email secured by Check Point

Mime
View raw message