[ https://issues.apache.org/jira/browse/SOLR-14136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17002566#comment-17002566 ]
ASF subversion and git services commented on SOLR-14136: -------------------------------------------------------- Commit d7ff40f53fea84a8e628b4a87d42cb6579161615 in lucene-solr's branch refs/heads/branch_8x from Robert Muir [ https://gitbox.apache.org/repos/asf?p=lucene-solr.git;h=d7ff40f ] SOLR-14136: ip whitelist/blacklist via env vars (#1111) SOLR-14136: ip whitelist/blacklist via env vars This makes it easy to restrict access to Solr by IP. For example SOLR_IP_WHITELIST="127.0.0.1, 192.168.0.0/24, [::1], [2000:123:4:5::]/64" would restrict access to v4/v6 localhost, the 192.168.0 ipv4 network, and 2000:123:4:5 ipv6 network. Any other IP will receive a 403 response. Blacklisting functionality can deny access to problematic addresses or networks that would otherwise be allowed. For example SOLR_IP_BLACKLIST="192.168.0.3, 192.168.0.4" would explicitly prevent those two specific addresses from accessing solr. > add IP-based access control via environ vars > -------------------------------------------- > > Key: SOLR-14136 > URL: https://issues.apache.org/jira/browse/SOLR-14136 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Reporter: Robert Muir > Priority: Major > Time Spent: 20m > Remaining Estimate: 0h > > IP-based access control is supported in jetty, but wrestling the XML can be > difficult for beginners (e.g. wrapping the handler correctly and so on). I > think we should make it easy to use. > SOLR_IP_WHITELIST="127.0.0.1, 192.168.0.0/24, [::1], [2000:123:4:5::]/64" > SOLR_IP_BLACKLIST="192.168.0.3, 192.168.0.4" -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org