Hi,

Does "open for public" mean end users through a browser or web sites through an API? In either case you should have a front end proxying the traffic through to Solr, which explicitly allows only parameters that you allow.
--
Jan Høydahl - search architect
Cominvent AS - www.cominvent.com

On 17. feb. 2010, at 14.07, Vijayant Kumar wrote:

> Hi Xavier,
>
> Thanks for your feedback
> the firewall rule for the trusted IP is not feasible for us because the
> application is open for public so we can not work through IP banning.
>
>> Vijayant Kumar wrote:
>>> Hi Group,
>>>
>>> I need some feedback on solr security.
>>>
>>> For making my solr admin password protected,
>>> I had used the Path Based Authentication from
>>> http://wiki.apache.org/solr/SolrSecurity.
>>>
>>> In this way my admin area, search, delete, add to index is protected. But
>>> now when I make solr authenticated then for every update/delete from the
>>> front end is blocked without authentication.
>>>
>>> I do not need this authentication from the front end so I simply pass
>>> the username and password to the solr in my front end scripts and it is
>>> working fine. I had done it in the below way.
>>>
>>> http://username:passw...@localhost:8983/solr/admin/update
>>>
>>> I need your suggestion and feedback on the above method. Is it a feasible
>>> method and secure? To overcome this issue is there any alternate
>>> method?
>>
>> Hey,
>>
>> there is at least another solution. You can set a firewall rule that
>> allows connections to the Solr's port only from trusted IPs.
>>
>
> --
>
> Thank you,
> Vijayant Kumar
> Software Engineer
> Website Toolbox Inc.
> http://www.websitetoolbox.com
> 1-800-921-7803 x211
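
Added example, not part of the thread: a sketch of the parameter allowlist a front-end proxy could apply before forwarding a public search to Solr, so the client never chooses the handler, output format or any other parameter. The upstream URL, the limits, the sort field names and the function names are assumptions made for the illustration.

```python
from urllib.parse import urlencode

# Assumed values for this sketch; none of them come from the thread.
SOLR_SELECT = "http://localhost:8983/solr/select"   # internal-only upstream
MAX_ROWS = 50
MAX_QUERY_LEN = 200
SORT_FIELDS = {"score", "date", "title"}            # hypothetical schema fields


def _bounded_int(value, default, low, high):
    """Parse an integer and clamp it; fall back to default on garbage."""
    try:
        return max(low, min(high, int(value)))
    except (TypeError, ValueError):
        return default


def _safe_sort(value):
    """Accept only '<known field> asc|desc'; anything else is dropped."""
    parts = (value or "").split()
    if len(parts) == 2 and parts[0] in SORT_FIELDS and parts[1] in ("asc", "desc"):
        return " ".join(parts)
    return None


def build_solr_request(client_params):
    """Map untrusted client parameters to the upstream Solr URL.

    Only q, start, rows and sort are read from the client. Any other key
    (qt, shards, stream.url, wt, ...) is ignored because it is never
    copied, and the handler path is fixed, so /update and /admin cannot
    be reached through this function.
    """
    q = (client_params.get("q") or "").strip()
    if not q or len(q) > MAX_QUERY_LEN:
        raise ValueError("missing or oversized query")
    if "{!" in q:  # local params would smuggle parameters inside q itself
        raise ValueError("local params not allowed")
    upstream = {
        "q": q,
        "start": _bounded_int(client_params.get("start"), 0, 0, 10_000),
        "rows": _bounded_int(client_params.get("rows"), 10, 1, MAX_ROWS),
        "wt": "json",                      # set by the proxy, never by the client
    }
    sort = _safe_sort(client_params.get("sort"))
    if sort:
        upstream["sort"] = sort
    return SOLR_SELECT + "?" + urlencode(upstream)
```

With this shape, any credentials Solr requires live only in the proxy's own configuration and are attached to the upstream request server-side, so they never appear in URLs or scripts delivered to the public.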