You should also separate your indexer from your searcher and make the
searcher request handlers allow search only (remove the handlers you
don't need). You could also lock down the request parameters that
they take, too, by using invariants, etc.
Have a look in your solrconfig.xml. You could, of course, also have a
ServletFilter in front of Solr or some other type of firewall that
just throws away the requests you don't wish to support.
And, of course, firewalls can be used, too.
On Oct 7, 2009, at 4:50 PM, Lance Norskog wrote:
There are no security features in Solr 1.4. You cannot do this.
It would be really simple to implement a hack where all management
must be done via POST, and then allow the configuration to ban POST
requests.
On 10/7/09, clico wrote:
Hi everybody
As I'm ready to deploy my solr server (after many tests and use
cases)
I'd like ton configure my server in order that some request cannot
be post
As an example :
My CMS or data app can use
- dataimport
- and other indexing commands
My website can only perform a search on the server
could one explain me where this configuration has to be done?
Thanks
--
View this message in context:
http://www.nabble.com/manage-rights-tp25784152p25784152.html
Sent from the Solr - User mailing list archive at Nabble.com.
--
Lance Norskog
goks...@gmail.com
--
Grant Ingersoll
http://www.lucidimagination.com/
Search the Lucene ecosystem (Lucene/Solr/Nutch/Mahout/Tika/Droids)
using Solr/Lucene:
http://www.lucidimagination.com/search
