lucene-solr-user mailing list archives

From Siddhartha Singh Sandhu <sandhus...@gmail.com>
Subject Re: How to disable the admin interface
Date Mon, 05 Oct 2015 18:34:40 GMT
Help please?

On Sun, Oct 4, 2015 at 5:07 PM, Siddhartha Singh Sandhu <
sandhusolr@gmail.com> wrote:

> Hi Shawn and Andrew,
>
> I am on the same page with you guys about the ssh authentication and
> communicating with the APIs that SOLR has to provide. I simply don't want
> the GUI; as it is, nobody will be able to access it once I set the policy
> on my server except for servers in the same network. Also, now that we are
> on that issue, do SOLR URLs have checks to guard against penetration
> attacks as the "prod setup" guide is so openly available?
>
> Regards,
> Sid.
>
> On Sun, Oct 4, 2015 at 4:55 AM, Andrea Open Source <
> andrearoggerone.osrc@gmail.com> wrote:
>
>> Hi,
>> As Shawn is saying, disabling the Admin interface is not the right way to
>> go. If you just disable the admin interface users could still run queries
>> and you don't want that. The solution that you're looking for, is enabling
>> the ssh authentication so only the users with the right certificate can
>> query Solr or reach the admin.
>>
>>
>> Kind Regards,
>> Andrea Roggerone
>>
>> > On 04/Oct/2015, at 08:11, Shawn Heisey <apache@elyograg.org> wrote:
>> >
>> >> On 10/3/2015 9:17 PM, Siddhartha Singh Sandhu wrote:
>> >> I want to disable the admin interface in SOLR. I understand that
>> >> authentication is available in the solrcloud mode but until that happens I
>> >> want to disable the admin interface in my prod environment.
>> >>
>> >> How can I do this?
>> >
>> > Why do you need to disable the admin interface?  The admin interface is
>> > just a bunch of HTML, CSS, and Javascript.  It downloads code that runs
>> > inside your browser and turns it into a tool that can manipulate Solr.
>> >
>> > The parts of Solr that need protecting are the APIs that the admin
>> > interface calls.  When authentication is enabled in the newest Solr
>> > versions, it is not the admin interface that is protected, it is those
>> > APIs called by the admin interface.  Anyone can use those APIs directly,
>> > completely independent of the interface.
>> >
>> > Thanks
>> > Shawn
>> >
>>
>
>
