Hi

See if this article helps you. http://www.findbestopensource.com/article-detail/restrict-solr-admin-access

It has settings with regard to Tomcat.

Regards
Ganesh


On 10/6/2015 2:21 AM, Shawn Heisey wrote:
On 10/4/2015 3:07 PM, Siddhartha Singh Sandhu wrote:
I am on the same page with you guys about the ssh authentication and communicating
with the APIs that SOLR has to provide. I simply don't want the GUI as it
is nobody will be able to access it once I set the policy on my server
except for servers in the same network. Also, now that we are on that
issue, do SOLR URLs have checks to guard against penetration attacks as
the "prod setup" guide is so openly available?

If you use the startup scripts that come with the latest version of
Solr, then all the network and HTTP protocol support is provided by
Jetty 9.2.  The Jetty install is reasonably close to a standard
out-of-the-box Jetty config, with unnecessary modules disabled or
removed entirely.  If Jetty does the things you want to know about with
the limited set of modules and config included in Solr, then Solr will
do those things.  If the included Jetty doesn't do those things, then
Solr will not do them either.

If Solr is installed into a separate container, then all the network and
HTTP protocol support is provided by software that receives no official
testing, but may be capable of things that Solr doesn't do if you use
the provided container.

Solr is intended to be installed in a part of your network that already
has access restricted to only authorized personnel.  It is generally not
a good idea to expose ANY internal service to people who have no
business accessing it.  Usually that means restricting access at the
network level to servers that require access, all your employees, and
trusted contractors, but if you are very paranoid, you might restrict it
to only certain employees.

The admin UI is a useful tool in the hands of those who are authorized
to use it, but if you really want to remove it entirely, you can find
the files that power it and delete those files.  You will need to delete
them each time you upgrade Solr as well.  I have not verified this, but
I think that if you delete admin.html, index.html, css, img, js, libs,
partials, and tpl from server/solr-webapp/webapp, this would eliminate
all the static content that powers the admin UI.  This is not likely to
break anything in Solr itself, but it also won't prevent anyone from
doing something malicious to Solr.

Note that if you delete these files and directories on Solr 5.2.1 or
earlier, the files may get re-extracted from the solr.war file, so you
might want to also open the .war file (it's in ZIP format) and remove
them there too.  Solr 5.3.x no longer *has* a .war file -- the webapp is
installed as a directory instead.

Removing the UI will not help with performance, and the files are only
about four megabytes in size ... barely anything to worry about.

Thanks,
Shawn
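
An added example, not part of the messages above and not Solr project code: a Python sketch of the cleanup Shawn describes, removing the listed admin UI files from an extracted webapp directory and writing a copy of a .war (ZIP) without them. The function names are hypothetical, the file list is the one from the message (which its author says is unverified), and the .war entries are assumed to sit at the archive root as they do in the extracted directory.

```python
import os
import shutil
import tempfile
import zipfile

# Names listed in the message above; its author says the list is unverified.
ADMIN_UI_NAMES = ("admin.html", "index.html", "css", "img", "js", "libs",
                  "partials", "tpl")

def is_admin_ui_entry(name):
    """True if a ZIP entry is a listed file or lies under a listed directory."""
    return name.lstrip("/").split("/", 1)[0] in ADMIN_UI_NAMES

def remaining_in_dir(webapp_dir):
    """Listed names still present in an extracted webapp directory."""
    return [n for n in ADMIN_UI_NAMES
            if os.path.lexists(os.path.join(webapp_dir, n))]

def remove_from_dir(webapp_dir):
    """Delete the listed files and directories; return what was removed."""
    removed = remaining_in_dir(webapp_dir)
    for name in removed:
        path = os.path.join(webapp_dir, name)
        if os.path.isdir(path) and not os.path.islink(path):
            shutil.rmtree(path)
        else:
            os.remove(path)
    return removed

def strip_war(src_war, dst_war):
    """Copy a .war (ZIP) without the admin UI entries; return dropped names."""
    dropped = []
    with zipfile.ZipFile(src_war) as src, zipfile.ZipFile(dst_war, "w") as dst:
        for info in src.infolist():
            if is_admin_ui_entry(info.filename):
                dropped.append(info.filename)
            else:
                dst.writestr(info, src.read(info.filename))
    return dropped

if __name__ == "__main__":
    # Constructed sample, not a real Solr install.
    with tempfile.TemporaryDirectory() as tmp:
        war = os.path.join(tmp, "solr.war")
        with zipfile.ZipFile(war, "w") as z:
            for entry in ("admin.html", "js/main.js", "WEB-INF/web.xml"):
                z.writestr(entry, "constructed")
        print("dropped:", strip_war(war, war + ".stripped"))
        os.mkdir(os.path.join(tmp, "css"))
        print("removed:", remove_from_dir(tmp))
```

Running `remaining_in_dir` after each upgrade shows whether the files have come back. As the message says, this removes only static content and does not restrict who can send requests to Solr.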


