The WIKI has a loose interpretation of how to set-up Jetty securely.
Please take a look at the article I wrote here:
http://anthonyw.net/2011/04/securing-jetty-and-solr-with-php-authentication/.
Even if PHP is not your language that sits on top of Solr you can still
use the first part of the tutorial. If you are using Tomcat I would
recommend looking here:
http://blog.comtaste.com/2009/02/securing_your_solr_server_on_t.html
Regards,
-Anthony
On 05/09/2011 05:28 PM, Jan Høydahl wrote:
Hi,
You can simply configure a firewall on your Solr server to only allow access
from your frontend server. Whether you use the built-in software firewall of
Linux/Windows/Whatever or use some other FW utility is a choice you need to
make. This is by design - you should never ever expose your backend services,
whether it's a search server or a database server, to the public.
Read more about Solr security on the WIKI:
http://wiki.apache.org/solr/SolrSecurity
--
Jan Høydahl, search solution architect
Cominvent AS - www.cominvent.com
On 9. mai 2011, at 20.57, Brian Lamb wrote:
Hi all,
Is it possible to set up solr so that it will only execute dataimport
commands if they come from localhost?
Right now, my application and my solr installation are on different servers
so any requests are formatted http://domain:8983 instead of
http://localhost:8983. I am concerned that when I launch my application,
there will be the potential for abuse. Is the best solution to have
everything reside on the same server?
What are some other solutions?
Thanks,
Brian Lamb
--
Anthony Wlodarski
Lead Software Engineer
Get2Know.me (http://www.get2know.me)
Office: 646-285-0500 x217
Fax: 646-285-0400