I believe the Solr replication scripts require POSTing a commit to read
in the new index--so at least limited POST capability is required in
most scenarios.
-Sean
Lance Norskog wrote:
About that "read-only" switch for Solr: one of the basic HTTP design
guidelines is that GET should only return values, and should never change
the state of the data. All changes to the data should be made with POST. (In
REST style guidelines, PUT, POST, and DELETE.) This prevents you from
passing around URLs in email that can destroy the index. The first role of
security is to prevent accidents.
I would suggest two layers of "read-only" switch. 1) Open the Lucene index
in read-only mode. 2) Allow only search servers to accept GET requests.
Lance
