Hi Shawn and Andrew, I am on page with you guys about the ssh authentication and communicating with the API's that SOLR has to provide. I simply don't want the GUI as it is nobody will be able to access it once I set the policy on my server except for servers in the same network. Also, now that we are on that issue, does SOLR URL's have checks to guard against penetration attacks as the "prod setup" guide is so openly available?
Regards, Sid. On Sun, Oct 4, 2015 at 4:55 AM, Andrea Open Source < andrearoggerone.o...@gmail.com> wrote: > Hi, > As Shawn is saying, disabling the Admin interface is not the right way to > go. If you just disable the admin interface users could still run queries > and you don't want that. The solution that you're looking for, is enabling > the ssh authentication so only the users with the right certificate can > query Solr or reach the admin. > > > King Regards, > Andrea Roggerone > > > On 04/ott/2015, at 08:11, Shawn Heisey <apa...@elyograg.org> wrote: > > > >> On 10/3/2015 9:17 PM, Siddhartha Singh Sandhu wrote: > >> I want to disable the admin interface in SOLR. I understand that > >> authentication is available in the solrcloud mode but until that > happens I > >> want to disable the admin interface in my prod environment. > >> > >> How can I do this? > > > > Why do you need to disable the admin interface? The admin interface is > > just a bunch of HTML, CSS, and Javascript. It downloads code that runs > > inside your browser and turns it into a tool that can manipulate Solr. > > > > The parts of Solr that need protecting are the APIs that the admin > > interface calls. When authentication is enabled in the newest Solr > > versions, it is not the admin interface that is protected, it is those > > APIs called by the admin interface. Anyone can use those APIs directly, > > completely independent of the interface. > > > > Thanks > > Shawn > > >
