Robert Muir created SOLR-14148:
----------------------------------
Summary: enable IP access control by default
Key: SOLR-14148
URL: https://issues.apache.org/jira/browse/SOLR-14148
Project: Solr
Issue Type: Improvement
Security Level: Public (Default Security Level. Issues are Public)
Reporter: Robert Muir
Currently network access is wide-open to the world and the user has to "secure"
it through steps on the securing solr page. Instead the user is asked to
explicitly "tune a firewall"... these are not good defaults.
It would be much better if access was restricted by default via ACL (e.g. to
{{127.0.0.0/8, [::1]}}), and the user instead explicitly grants access to
hosts/networks that should have it. Similar to PostgreSQL's {{pg_hba.conf}}.
Just like {{pg_hba.conf}}, this is separate from what interfaces are bound to
by default.
We could remove the IP-based ACL step from securing solr page, and even change
or remove the "firewall" wording at the top.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
