Return-Path: X-Original-To: apmail-lucene-solr-user-archive@minotaur.apache.org Delivered-To: apmail-lucene-solr-user-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B3AFF10337 for ; Tue, 4 Nov 2014 13:50:24 +0000 (UTC) Received: (qmail 94504 invoked by uid 500); 4 Nov 2014 13:50:21 -0000 Delivered-To: apmail-lucene-solr-user-archive@lucene.apache.org Received: (qmail 94457 invoked by uid 500); 4 Nov 2014 13:50:21 -0000 Mailing-List: contact solr-user-help@lucene.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: solr-user@lucene.apache.org Delivered-To: mailing list solr-user@lucene.apache.org Received: (qmail 94440 invoked by uid 99); 4 Nov 2014 13:50:20 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Nov 2014 13:50:20 +0000 X-ASF-Spam-Status: No, hits=-5.0 required=5.0 tests=RCVD_IN_DNSWL_HI,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of shayso@checkpoint.com designates 194.29.34.68 as permitted sender) Received: from [194.29.34.68] (HELO smtp.checkpoint.com) (194.29.34.68) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Nov 2014 13:49:54 +0000 x-m-msg: CPCHECK Received: from IL-EX10.ad.checkpoint.com ([194.29.34.147]) by smtp.checkpoint.com (8.13.8/8.13.8) with ESMTP id sA4DnqA0021550 for ; Tue, 4 Nov 2014 15:49:52 +0200 Received: from DAG-EX10.ad.checkpoint.com ([169.254.3.38]) by IL-EX10.ad.checkpoint.com ([169.254.2.245]) with mapi id 14.03.0181.006; Tue, 4 Nov 2014 15:49:51 +0200 From: Shay Sofer To: "solr-user@lucene.apache.org" Subject: RE: Solr authentication Thread-Topic: Solr authentication Thread-Index: Ac/4LdeWelpDf+KXSX+nXD9tzbAWcP//53WA///XLHA= Date: Tue, 4 Nov 2014 13:49:51 +0000 Message-ID: <8BDEF4EB3BF8E34FBB43BF46A279E19586C1912F@DAG-EX10.ad.checkpoint.com> References: <8BDEF4EB3BF8E34FBB43BF46A279E19586C19119@DAG-EX10.ad.checkpoint.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [194.29.34.193] x-kse-antivirus-interceptor-info: protection disabled Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org Thanks for the quick response. 1. I'm using Solr with Jetty. 2. I'm using Java to access Solr, so I need a way to pass / add this authe= ntication as well. -----Original Message----- From: Tim Dunphy [mailto:bluethundr@gmail.com]=20 Sent: Tuesday, November 04, 2014 3:22 PM To: solr-user@lucene.apache.org Subject: Re: Solr authentication Hi Shay, I'm new to using Solr myself. But what I've done to solve this problem is t= o run Solr via Tomcat. Then I put Apache in front of Tomcat using mod_jk an= d made Solr accessible via SSL on port 443. I also put basic authentication= in front of Apache. That way you have to enter a username and password to = log in. Then I made port 8080 (the native port for Apache Tomcat) inaccessible usin= g the firewall. So that the only way to access the Solr instance was throug= h Apache and entering your password. With everything going over SSL. It's v= ery secure. >From what I read about Solr, there are no security considerations (such as = using a password for access) built in. So the only way to achieve some leve= l of security without doing what I just did is to secure it with a firewall= . Making your Solr instance accessible only from certain IPs. Please someon= e correct me if I'm wrong about that. But the way I did it with running Solr with Apache and SSL and mod_jk over = tomcat is pretty easy. If you google it you will find plenty of useful guid= es out there on how to do this. I'd recommend taking that approach. Tim Sent from my iPhone > On Nov 4, 2014, at 7:53 AM, Shay Sofer wrote: >=20 > Hi, >=20 > I want that my Solr web connection will be protected by username and pass= word. >=20 > When someone try to get to - 1.1.1.1:8983/Solr, he can do it only after l= ogin (with known users). >=20 > Is it possible ? >=20 > Thanks, > Shay. Email secured by Check Point