lucene-solr-user mailing list archives

From Siddhartha Singh Sandhu <sandhus...@gmail.com>
Subject Re: How to disable the admin interface
Date Sun, 04 Oct 2015 21:07:13 GMT
Hi Shawn and Andrew,

I am on the same page with you guys about the ssh authentication and
communicating with the APIs that SOLR has to provide. I simply don't want
the GUI; as it is, nobody will be able to access it once I set the policy on
my server except for servers in the same network. Also, now that we are on
that issue, do SOLR URLs have checks to guard against penetration attacks,
as the "prod setup" guide is so openly available?

Regards,
Sid.

On Sun, Oct 4, 2015 at 4:55 AM, Andrea Open Source <
andrearoggerone.osrc@gmail.com> wrote:

> Hi,
> As Shawn is saying, disabling the Admin interface is not the right way to
> go. If you just disable the admin interface users could still run queries
> and you don't want that. The solution that you're looking for, is enabling
> the ssh authentication so only the users with the right certificate can
> query Solr or reach the admin.
>
>
> Kind Regards,
> Andrea Roggerone
>
> > On 04/Oct/2015, at 08:11, Shawn Heisey <apache@elyograg.org> wrote:
> >
> >> On 10/3/2015 9:17 PM, Siddhartha Singh Sandhu wrote:
> >> I want to disable the admin interface in SOLR. I understand that
> >> authentication is available in the solrcloud mode but until that
> >> happens I want to disable the admin interface in my prod environment.
> >>
> >> How can I do this?
> >
> > Why do you need to disable the admin interface?  The admin interface is
> > just a bunch of HTML, CSS, and Javascript.  It downloads code that runs
> > inside your browser and turns it into a tool that can manipulate Solr.
> >
> > The parts of Solr that need protecting are the APIs that the admin
> > interface calls.  When authentication is enabled in the newest Solr
> > versions, it is not the admin interface that is protected, it is those
> > APIs called by the admin interface.  Anyone can use those APIs directly,
> > completely independent of the interface.
> >
> > Thanks
> > Shawn
> >
>
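
An added example, not part of the original thread or of Solr itself: Shawn's point that the APIs, not the admin GUI files, are what need protecting, shown as an access-log check that flags API requests which succeeded from outside the permitted network even though the GUI files were blocked. The log lines, the `10.0.0.0/24` network, the core name `collection1` and the path patterns are constructed assumptions for illustration.

```python
import ipaddress
import re

ALLOWED_NET = ipaddress.ip_network("10.0.0.0/24")  # assumed trusted network
# Assumed layout: static GUI files (HTML, CSS, JavaScript, images) under /solr/.
UI_ASSET = re.compile(r"^/solr/(?:$|index\.html$|(?:css|js|img|tpl)/)")
# Assumed layout: handlers that read or change data and configuration.
API_CALL = re.compile(r"^/solr/(?:admin/|[^/]+/(?:select|update|config|schema)\b)")
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample: the GUI is blocked for the outside client, the API is not.
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Oct/2015:21:00:01 +0000] "GET /solr/ HTTP/1.1" 403 0',
    '203.0.113.7 - - [04/Oct/2015:21:00:02 +0000] "GET /solr/js/main.js HTTP/1.1" 403 0',
    '203.0.113.7 - - [04/Oct/2015:21:00:03 +0000] "GET /solr/collection1/select?q=*:*&wt=json HTTP/1.1" 200 512',
    '203.0.113.7 - - [04/Oct/2015:21:00:04 +0000] "POST /solr/collection1/update?commit=true HTTP/1.1" 200 64',
    '10.0.0.15 - - [04/Oct/2015:21:00:05 +0000] "GET /solr/admin/cores?action=STATUS HTTP/1.1" 200 900',
    '203.0.113.7 - - [04/Oct/2015:21:00:06 +0000] "GET /solr/admin/cores?action=STATUS HTTP/1.1" 401 0',
]


def classify(path):
    """Return 'ui' for GUI files, 'api' for request handlers, else 'other'."""
    path = path.split("?", 1)[0]
    if UI_ASSET.search(path):
        return "ui"
    if API_CALL.search(path):
        return "api"
    return "other"


def audit(lines):
    """List (ip, method, path) for API calls that succeeded from outside ALLOWED_NET."""
    findings = []
    for line in lines:
        match = LOG_LINE.match(line)
        if not match:
            continue  # skip lines that are not in the expected log format
        ip, method, path, status = match.groups()
        outside = ipaddress.ip_address(ip) not in ALLOWED_NET
        if outside and classify(path) == "api" and int(status) < 400:
            findings.append((ip, method, path.split("?", 1)[0]))
    return findings


if __name__ == "__main__":
    for ip, method, path in audit(SAMPLE_LOG):
        print(f"unprotected API reachable: {ip} {method} {path}")
```
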
