[
https://issues.apache.org/jira/browse/SOLR-14136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17002566#comment-17002566
]
ASF subversion and git services commented on SOLR-14136:
--------------------------------------------------------
Commit d7ff40f53fea84a8e628b4a87d42cb6579161615 in lucene-solr's branch
refs/heads/branch_8x from Robert Muir
[ https://gitbox.apache.org/repos/asf?p=lucene-solr.git;h=d7ff40f ]
SOLR-14136: ip whitelist/blacklist via env vars (#1111)
SOLR-14136: ip whitelist/blacklist via env vars
This makes it easy to restrict access to Solr by IP. For example
SOLR_IP_WHITELIST="127.0.0.1, 192.168.0.0/24, [::1], [2000:123:4:5::]/64" would
restrict access to v4/v6 localhost, the 192.168.0 ipv4 network, and
2000:123:4:5 ipv6 network. Any other IP will receive a 403 response.
Blacklisting functionality can deny access to problematic addresses or networks
that would otherwise be allowed. For example SOLR_IP_BLACKLIST="192.168.0.3,
192.168.0.4" would explicitly prevent those two specific addresses from
accessing solr.
> add IP-based access control via environ vars
> --------------------------------------------
>
> Key: SOLR-14136
> URL: https://issues.apache.org/jira/browse/SOLR-14136
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Robert Muir
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> IP-based access control is supported in jetty, but wrestling the XML can be
> difficult for beginners (e.g. wrapping the handler correctly and so on). I
> think we should make it easy to use.
> SOLR_IP_WHITELIST="127.0.0.1, 192.168.0.0/24, [::1], [2000:123:4:5::]/64"
> SOLR_IP_BLACKLIST="192.168.0.3, 192.168.0.4"
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
