lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shawn Heisey <apa...@elyograg.org>
Subject Re: https
Date Thu, 09 Mar 2017 00:30:55 GMT
On 3/8/2017 12:11 PM, pubdiverses wrote:
> I have a site https://site.com under Apache.
> On the same physical server, i've installed solr.
>
> Inside https://site.com, i've a search form wich call solr with
> http://xxx.xxx.xxx.xxx/solr.
>
> But the browser says : "mixt content" and blocks the call.
>
> So, i need to have something like https://xxx.xxx.xxx.xxx/solr
>
> Is it possible ?

Alexandre and Phil already mentioned this, but it's so critical that I'm
going to repeat it.

This is a VERY BAD idea.

This exposes Solr directly to the Internet, which means that unless you
take *SPECIAL* effort with an intelligent proxy server, which is not at
all trivial to secure properly, then anybody on the Internet can change
your index, delete your index, or send denial of service queries that
make it so your legitimate users cannot utilize your search.

Whether HTTPS is used or not, do not expose Solr directly to the
Internet.  Instead, use server-side web application code to access it
behind the firewall.

Thanks,
Shawn


Mime
View raw message