Return-Path: X-Original-To: apmail-lucene-solr-user-archive@minotaur.apache.org Delivered-To: apmail-lucene-solr-user-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 43B761824C for ; Sun, 4 Oct 2015 21:07:24 +0000 (UTC) Received: (qmail 2365 invoked by uid 500); 4 Oct 2015 21:07:21 -0000 Delivered-To: apmail-lucene-solr-user-archive@lucene.apache.org Received: (qmail 2301 invoked by uid 500); 4 Oct 2015 21:07:21 -0000 Mailing-List: contact solr-user-help@lucene.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: solr-user@lucene.apache.org Delivered-To: mailing list solr-user@lucene.apache.org Received: (qmail 2289 invoked by uid 99); 4 Oct 2015 21:07:20 -0000 Received: from Unknown (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 04 Oct 2015 21:07:20 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 12E6E180A50 for ; Sun, 4 Oct 2015 21:07:20 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.881 X-Spam-Level: ** X-Spam-Status: No, score=2.881 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-eu-west.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id KZatz3-AF_d6 for ; Sun, 4 Oct 2015 21:07:14 +0000 (UTC) Received: from mail-ig0-f170.google.com (mail-ig0-f170.google.com [209.85.213.170]) by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with ESMTPS id 204A8201F9 for ; Sun, 4 Oct 2015 21:07:14 +0000 (UTC) Received: by igcpb10 with SMTP id pb10so50508844igc.1 for ; Sun, 04 Oct 2015 14:07:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=bnXUwUv4cVjALwAw9ZnSxCT4JoowBrKgmVDwrjCVtzg=; b=U8Nys/lQhVt96cnH1gAOq81ICxRlX4a1AC6D8+XmBNlisglrbT86ogrksv9Sa5D9Nl hIPJMSULQsaKzM2LNGQY9nayJcEKjVO0G8douVHmEhkbTF/8GuKwTvv8hMgKrIBt7TPa xF3gpRwq+5m2B69v8a3/4LqZU6NMio8N4fBFdRCgdr9iW0kOZET41ax10qqXeJIslSpx +iU4sfc7Ot022S4ps1Zw4S3Qjj7ELc0pVLkjQwVtpOwuv6LzdXEA3dhHf68/2zAyp6OG kN4OKPmLVDuqE3RD/faF6+Y+m6ezeHLTgKzkDzAmMLYFH+kbntRO/y5akvn0lBBnfmab 98kw== MIME-Version: 1.0 X-Received: by 10.50.79.229 with SMTP id m5mr6337948igx.1.1443992833088; Sun, 04 Oct 2015 14:07:13 -0700 (PDT) Received: by 10.36.36.84 with HTTP; Sun, 4 Oct 2015 14:07:13 -0700 (PDT) In-Reply-To: <2DA56D5B-C2E7-419E-8577-0E8D3C112C87@gmail.com> References: <5610D12A.7000909@elyograg.org> <2DA56D5B-C2E7-419E-8577-0E8D3C112C87@gmail.com> Date: Sun, 4 Oct 2015 17:07:13 -0400 Message-ID: Subject: Re: How to disable the admin interface From: Siddhartha Singh Sandhu To: solr-user@lucene.apache.org Content-Type: multipart/alternative; boundary=089e0122a3fadfe3f505214dc7eb --089e0122a3fadfe3f505214dc7eb Content-Type: text/plain; charset=UTF-8 Hi Shawn and Andrew, I am on page with you guys about the ssh authentication and communicating with the API's that SOLR has to provide. I simply don't want the GUI as it is nobody will be able to access it once I set the policy on my server except for servers in the same network. Also, now that we are on that issue, does SOLR URL's have checks to guard against penetration attacks as the "prod setup" guide is so openly available? Regards, Sid. On Sun, Oct 4, 2015 at 4:55 AM, Andrea Open Source < andrearoggerone.osrc@gmail.com> wrote: > Hi, > As Shawn is saying, disabling the Admin interface is not the right way to > go. If you just disable the admin interface users could still run queries > and you don't want that. The solution that you're looking for, is enabling > the ssh authentication so only the users with the right certificate can > query Solr or reach the admin. > > > King Regards, > Andrea Roggerone > > > On 04/ott/2015, at 08:11, Shawn Heisey wrote: > > > >> On 10/3/2015 9:17 PM, Siddhartha Singh Sandhu wrote: > >> I want to disable the admin interface in SOLR. I understand that > >> authentication is available in the solrcloud mode but until that > happens I > >> want to disable the admin interface in my prod environment. > >> > >> How can I do this? > > > > Why do you need to disable the admin interface? The admin interface is > > just a bunch of HTML, CSS, and Javascript. It downloads code that runs > > inside your browser and turns it into a tool that can manipulate Solr. > > > > The parts of Solr that need protecting are the APIs that the admin > > interface calls. When authentication is enabled in the newest Solr > > versions, it is not the admin interface that is protected, it is those > > APIs called by the admin interface. Anyone can use those APIs directly, > > completely independent of the interface. > > > > Thanks > > Shawn > > > --089e0122a3fadfe3f505214dc7eb--