Front it with request handler(s) and get security for free :) (top level not cite specific it'd have to be)
> On Nov 10, 2015, at 14:24, Upayavira <u...@odoko.co.uk> wrote: > > Noble, > > I get that a UI which is open source does not benefit from ACL control - > we're not giving away anything that isn't public (other than perhaps > info that could be used to identify the version of Solr, or even the > fact that it *is* solr). > > However, from a user experience point of view, requiring credentials to > see the UI would be more conventional, and therefore lead to less > confusion. Is it possible for us to protect the UI static files, only > for the sake of user experience, rather than security? > > Upayavira > >> On Tue, Nov 10, 2015, at 12:01 PM, Noble Paul wrote: >> The admin UI is a bunch of static pages . We don't let the ACL control >> static content >> >> you must blacklist all the core/collection apis and it is pretty much >> useless for anyone to access the admin UI (w/o the credentials , of >> course) >> >>> On Tue, Nov 10, 2015 at 7:08 AM, 马柏樟 <mabaizh...@126.com> wrote: >>> Hi, >>> >>> After I configure Authentication with Basic Authentication Plugin and >>> Authorization with Rule-Based Authorization Plugin, How can I prevent the >>> strangers from visiting my solr by browser? For example, if the stranger >>> visit the http://(my host):8983, the browser will pop up a window and says >>> "the server http://(my host):8983 requires a username and password...." >> >> >> >> -- >> ----------------------------------------------------- >> Noble Paul