Re: Securing Solr with BasicAuth

You rock Shawn, thanks! Some follow up questions. Using our existing Apache, or AWS setup, could we prevent those complex/slow denial of service queries? Could we use the same setup to only allow our JavaScript ajax calls direct access or is a light API layer required, and we then lock down Sol

Re: Securing Solr with BasicAuth

On 5/24/2017 2:08 PM, Warden, Jesse wrote: > We don’t want people modifying Solr on our website. We found this plugin: > https://home.apache.org/~ctargett/RefGuidePOC/jekyll-full/basic-authentication-plugin.html#BasicAuthenticationPlugin-EnableBasicAuthentication > > However, if someone goes to se

Securing Solr with BasicAuth

We don’t want people modifying Solr on our website. We found this plugin: https://home.apache.org/~ctargett/RefGuidePOC/jekyll-full/basic-authentication-plugin.html#BasicAuthenticationPlugin-EnableBasicAuthentication However, if someone goes to search on our website, they’re presented with an au

Securing solr web Client

I have secured solr using basic authentication so that php client and curl requests require the password. Using solr cloud as I gave up trying to setup on standalone. However this does not secure the solr web client!!! Where is the documentation to secure solr web client? Any direction gratefu

Re: Securing solr 5.2 basic auth permission rules

aded into the classloader with the new jetty modules setup. > > > Marshall Sanders > Technical Lead – Software Engineer > Autotrader.com > 404-568-7130 > > -Original Message- > From: Sanders, Marshall (AT - Atlanta) [mailto: > marshall.sand...@autotrade

RE: Securing solr 5.2 basic auth permission rules

e.org Subject: RE: Securing solr 5.2 basic auth permission rules So the issue is that when it's stated that solr runs on jetty 9 what it really means is that it runs on 5% of jetty9 and the other 95% has been stripped out. (WH! It's only ~13 MB) You'll need to download the ap

RE: Securing solr 5.2 basic auth permission rules

mber 17, 2015 2:28 PM To: solr-user@lucene.apache.org Subject: RE: Securing solr 5.2 basic auth permission rules I'm actually trying to do something similar with 5.3 We're in the process of upgrading from 4.10 and were previously using jaas to secure dih pages and a few others and had

RE: Securing solr 5.2 basic auth permission rules

ith the new jetty9 modules/classloaders it's proving a challenge. Marshall Sanders Technical Lead – Software Engineer Autotrader.com 404-568-7130 -Original Message- From: Aziz Gaou [mailto:gaoua...@gmail.com] Sent: Thursday, September 17, 2015 5:55 AM To: solr-user@lucene.apache.or

Re: Securing solr 5.2 basic auth permission rules

thank you so much for your reply, Now, i try to protect Apache Solr 5 admin with jetty, when I change 1) sudo nano /opt/solr/server/etc/webdefault.xml Solr /* search-role BASIC Solr Realm 2) i changed too "*jetty.xml *

Re: Securing solr 5.2 basic auth permission rules

thank you so much for your reply 2015-09-16 18:58 GMT+00:00 Anshum Gupta : > Basic authentication (and the API support, that you're trying to use) was > only released with 5.3.0 so it wouldn't work with 5.2. > 5.2 only had the authentication and authorization frameworks, and shipped > with Kerber

Re: Securing solr 5.2 basic auth permission rules

Basic authentication (and the API support, that you're trying to use) was only released with 5.3.0 so it wouldn't work with 5.2. 5.2 only had the authentication and authorization frameworks, and shipped with Kerberos authentication plugin out of the box. There are a few known issues with that thou

Fwd: Securing solr 5.2 basic auth permission rules

Hi, I try to follow: https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin, to protect Solr 5.2 Admin with password, but I have not been able to secure. 1) When I run the following command: curl --user solr:SolrRocks http://localhost:8983/solr/admin/authentication -H 'Cont

Securing Solr 5.3 with Basic Authentication

+Solr and http://lucidworks.com/blog/securing-solr-basic-auth-permission-rules: I followed this steps: *1) Set up a Zookeeper Ensemble (3 nodes).* *2) I upload the filesecurity.json to Zookeper* I used this command to upload the file: zkcli.bat -zkhost localhost:2181 -cmd putfile /security.json

Re: Securing solr index

That said, it might be nice with a wiki-page (or something) explaining how it can be done, including maybe concrete cases about exactly how it has been done on different installations around the world using Solr On 14/04/15 14:03, Per Steffensen wrote: Hi I might misunderstand you, but if you

RE: Securing solr index

From: Per Steffensen [mailto:st...@designware.dk] Sent: Tuesday, April 14, 2015 8:04 AM To: solr-user@lucene.apache.org Subject: Re: Securing solr index Hi I might misunderstand you, but if you are talking about securing the actual files/folders of the index, I do not think this is a Solr/Lucene co

Re: Securing solr index

Hi I might misunderstand you, but if you are talking about securing the actual files/folders of the index, I do not think this is a Solr/Lucene concern. Use standard mechanisms of your OS. E.g. on linux/unix use chown, chgrp, chmod, sudo, apparmor etc - e.g. allowing only root to write the fo

Re: Securing solr index

Where you want true Role-Based Access Control (RBAC) on each index (core or collection), one solution is to buy Solr Enterprise from LucidWorks. My personal practice is mostly dictated by financial decisions: - Each core/index has its configuration directory in a Git repository/branch where

Securing solr index

Hi, We are having the solr index maintained in a central server and multiple users might be able to access the index data. May I know what are best practice for securing the solr index folder where ideally only application user should be able to access. Even an admin user should not be able to

Re: Securing Solr 5.0.0

n : >> >>> Have you looked at https://wiki.apache.org/solr/SolrSecurity? >>> >>> Best, >>> Erick >>> >>> On Sun, Mar 22, 2015 at 4:20 AM, Frederik Arnold >> >>> wrote: >>>> I followed the "Taking Solr to Producti

Re: Securing Solr 5.0.0

> > wrote: > > > I followed the "Taking Solr to Production" tutorial and I now have an > > > solr 5.0.0 instance up and running. > > > > > > What is the recommended way for securing solr? > > > Searching should be available for everyone but I want authentication > for > > > the Solr Admin UI and also for posting and deleting files. > > >

Re: Securing Solr 5.0.0

Mar 22, 2015 at 4:20 AM, Frederik Arnold > wrote: > > I followed the "Taking Solr to Production" tutorial and I now have an > > solr 5.0.0 instance up and running. > > > > What is the recommended way for securing solr? > > Searching should be available fo

Re: Securing Solr 5.0.0

Have you looked at https://wiki.apache.org/solr/SolrSecurity? Best, Erick On Sun, Mar 22, 2015 at 4:20 AM, Frederik Arnold wrote: > I followed the "Taking Solr to Production" tutorial and I now have an > solr 5.0.0 instance up and running. > > What is the recommended

Securing Solr 5.0.0

I followed the "Taking Solr to Production" tutorial and I now have an solr 5.0.0 instance up and running. What is the recommended way for securing solr? Searching should be available for everyone but I want authentication for the Solr Admin UI and also for posting and deleting files.

Re: securing Solr Admin

On 10/22/2013 1:04 PM, Stephanie Huynh wrote: How do I unsubscribe? http://lucene.apache.org/solr/discussion.html#solr-user-list-solr-userlucene

RE: securing Solr Admin

How do I unsubscribe? -Original Message- From: Shawn Heisey [mailto:s...@elyograg.org] Sent: Tuesday, October 22, 2013 12:01 PM To: solr-user@lucene.apache.org Subject: Re: securing Solr Admin On 10/22/2013 11:52 AM, Raymond Wiker wrote: > I have numerous search applications that o

Re: securing Solr Admin

On 10/22/2013 11:52 AM, Raymond Wiker wrote: I have numerous search applications that only involve SOLR, jQuery, Apache... and two additional server processes, one of which does query validation, adds filtering and does an XSL transform of the search results, while the other does a number of ap

Re: securing Solr Admin

ok thats very knowledgeable... thanks.. I will try to put a firewall to prevent some access... What I was looking for was some global & simple setting (like in the core setting) that prevents access to certain ip... or an htaccess type settings allowed for the core... But I guess thats not part o

Re: securing Solr Admin

On Oct 22, 2013, at 19:29 , Shawn Heisey wrote: > On 10/22/2013 8:09 AM, Raheel Hasan wrote: >> This sounds like trouble. >> >> I have used Solr in my script (php) such that I curl it for query (using >> "solr/automata/select?q="). If I make it completely off-public, how will my >> own site acces

Re: securing Solr Admin

On 10/22/2013 8:09 AM, Raheel Hasan wrote: This sounds like trouble. I have used Solr in my script (php) such that I curl it for query (using "solr/automata/select?q="). If I make it completely off-public, how will my own site access it? Is there any parameter to prevent access by "REMOTE_ADDR"

Re: securing Solr Admin

On Oct 22, 2013, at 15:32 , Raheel Hasan wrote: > Hi, > > I want to know how to secure the admin section. The site " > http://wiki.apache.org/solr/SolrSecurity"; has a lot of stuff, but I want to > put htaccess based restriction. > > Can anyone tell me where to place the htaccess? > > I am usin

Re: securing Solr Admin

This sounds like trouble. I have used Solr in my script (php) such that I curl it for query (using "solr/automata/select?q="). If I make it completely off-public, how will my own site access it? Is there any parameter to prevent access by "REMOTE_ADDR"? Thanks. On Tue, Oct 22, 2013 at 6:49 PM

Re: securing Solr Admin

On 10/22/2013 7:32 AM, Raheel Hasan wrote: > I want to know how to secure the admin section. The site " > http://wiki.apache.org/solr/SolrSecurity"; has a lot of stuff, but I want to > put htaccess based restriction. > > Can anyone tell me where to place the htaccess? > > I am using solr 4.3 Res

securing Solr Admin

Hi, I want to know how to secure the admin section. The site " http://wiki.apache.org/solr/SolrSecurity"; has a lot of stuff, but I want to put htaccess based restriction. Can anyone tell me where to place the htaccess? I am using solr 4.3 thanks. -- Regards, Raheel Hasan

Re: Securing SOLR REST API

Sent from my iPhone On Jul 10, 2013, at 10:22 AM, "Pires, Guilherme" wrote: > Hello Everyone, > > I have been developing several solutions, mainly geospatial, that include > solr. > The availability of the restful services seem to bother a lot of people. > Mainly IT security, of course. >

Re: Securing SOLR REST API

Hi Guilherme, see - Steve On Jul 10, 2013, at 10:22 AM, "Pires, Guilherme" wrote: > Hello Everyone, > > I have been developing several solutions, mainly geospatial, that include > solr. > The availability of the restful services seem to bother a lot

Securing SOLR REST API

Hello Everyone, I have been developing several solutions, mainly geospatial, that include solr. The availability of the restful services seem to bother a lot of people. Mainly IT security, of course. How can I guarantee that Solr services are only 'called' from my web html5/jquery based applica

securing solr with jboss

Hi, i want same thing as the following but with jboss: http://knackforge.com/blog/sivaji/how-protect-apache-solr-admin-console how can i do that? any hint, or tutorial what can be helpful? regards, hassan -- View this message in context: http://lucene.472066.n3.nabble.com/securing-solr

Re: Deploying and securing Solr war in JBoss AS

Hi Billy see http://wiki.apache.org/solr/SolrSecurity One approach is keep master internal, read only slaves with just select handlers defined in the solr config for public facing requests. See your app container security docs for other approaches On 1 October 2012 16:32, Billy Newman wrote: >

Deploying and securing Solr war in JBoss AS

I am struggling with how to protect the Solr URLs (esp. the admin page(s)) when I deploy solr to JBoss. I know that I can extract the web.xml from the war and mess with that, but was wondering if there was a way to deploy the war as-is and modify some JBoss config file to protect that wars URL(s).

Re: Securing Solr with Tomcat

es. I’d appreciate your input on this. > > Thanks in Anticipation. > > -- > View this message in context: > http://lucene.472066.n3.nabble.com/Securing-Solr-with-Tomcat-tp3900737p3900737.html > Sent from the Solr - User mailing list archive at Nabble.com. >

Securing Solr with Tomcat

this. Thanks in Anticipation. -- View this message in context: http://lucene.472066.n3.nabble.com/Securing-Solr-with-Tomcat-tp3900737p3900737.html Sent from the Solr - User mailing list archive at Nabble.com.

Re: Securing Solr under Tomcat - IP best way?

oples time but can anyone elaborate more on the kind of firewall rules I should be looking at? -- View this message in context: http://lucene.472066.n3.nabble.com/Securing-Solr-under-Tomcat-IP-best-way-tp3899929p3900040.html Sent from the Solr - User mailing list archive at Nabble.com. --

Re: Securing Solr under Tomcat - IP best way?

Thank you for the reply. I hate to take more of peoples time but can anyone elaborate more on the kind of firewall rules I should be looking at? -- View this message in context: http://lucene.472066.n3.nabble.com/Securing-Solr-under-Tomcat-IP-best-way-tp3899929p3900040.html Sent from the Solr

Re: Securing Solr under Tomcat - IP best way?

nx, and Nutch and Solr under Tomcat. Is the best security practice for > securing Solr under Tomcat simply to only allow requests only from > 127.0.0.1. This way Solr isn’t exposed to the outside world and is only > compromised when the server is hacked, at which point I’m buggered anyway? &g

Securing Solr under Tomcat - IP best way?

Hi, I’m in the process of working how to configure and secure my server running Nginx, and Nutch and Solr under Tomcat. Is the best security practice for securing Solr under Tomcat simply to only allow requests only from 127.0.0.1. This way Solr isn’t exposed to the outside world and is only

Re: Securing solr

Hi, if you run Apache in front of your Tomcat-Instance/Servlet-Container, you can do that by specifying access-rules in your .htaccess-file (either password-based or IP-based). However there also exist Tomcat, JBoss, xyz-specific methods to do that. Try to search for it specific to your servlet-

Re: Securing solr

On 4 March 2012 19:51, Ramo Karahasan wrote: [...] > i'm somehow unable to "secure" my  solr instance that runs on a dedicated > server. I have a webapplication that needs this solr instance, but the > webserver is running on another dedicated server. Is it possible to somehow > secure the solr in

Securing solr

Hi, i'm somehow unable to "secure" my solr instance that runs on a dedicated server. I have a webapplication that needs this solr instance, but the webserver is running on another dedicated server. Is it possible to somehow secure the solr instance, e.g. with a web authentication mechanism or

Re: Securing Solr 1.4 in a glassfish container AS NEW THREAD

ml with no change. I'm looking through the httpclient authentication now. -Jon -Original Message- From: Sharp, Jonathan Sent: Friday, July 16, 2010 8:59 AM To: 'solr-user@lucene.apache.org' Subject: RE: Securing Solr 1.4 in a glassfish container AS NEW THREAD Hi Bilgin, Than

Re: Securing Solr 1.4 in a glassfish container AS NEW THREAD

t; Sent: Friday, July 16, 2010 8:59 AM > To: 'solr-user@lucene.apache.org' > Subject: RE: Securing Solr 1.4 in a glassfish container AS NEW THREAD > > Hi Bilgin, > > Thanks for the snippet -- that helps a lot. > > -Jon > > -Original Message- > F

RE: Securing Solr 1.4 in a glassfish container AS NEW THREAD

authentication now. -Jon -Original Message- From: Sharp, Jonathan Sent: Friday, July 16, 2010 8:59 AM To: 'solr-user@lucene.apache.org' Subject: RE: Securing Solr 1.4 in a glassfish container AS NEW THREAD Hi Bilgin, Thanks for the snippet -- that helps a lot. -Jon -Origin

RE: Securing Solr 1.4 in a glassfish container AS NEW THREAD

Hi Bilgin, Thanks for the snippet -- that helps a lot. -Jon -Original Message- From: Bilgin Ibryam [mailto:bibr...@gmail.com] Sent: Friday, July 16, 2010 1:31 AM To: solr-user@lucene.apache.org Subject: Re: Securing Solr 1.4 in a glassfish container AS NEW THREAD Hi Jon, SolrJ

Re: Securing Solr 1.4 in a glassfish container AS NEW THREAD

quot;, 80, AuthScope.ANY_REALM), defaultcreds); HTH Bilgin Ibryam On Fri, Jul 16, 2010 at 2:35 AM, Sharp, Jonathan wrote: > Hi All, > > I am considering securing Solr with basic auth in glassfish using the > container, by adding to web.xml and adding sun-web.xml file to the > distribu

Securing Solr 1.4 in a glassfish container AS NEW THREAD

Hi All, I am considering securing Solr with basic auth in glassfish using the container, by adding to web.xml and adding sun-web.xml file to the distributed WAR as below. If using SolrJ to index files, how can I provide the credentials for authentication to the http-client (or can

Securing Solr 1.4 in a glassfish container

Hi All, I am considering securing Solr with basic auth in glassfish using the container, by adding to web.xml and adding sun-web.xml file to the distributed WAR as below. If using SolrJ to index files, how can I provide the credentials for authentication to the http-client (or can someone

Re: securing solr

ccess control is preferable for our needs. This veers into jetty configuration, but I found the documentation for using the IPAccessHandler lacking. Has anyone gotten this to work? If so, would you mind sharing your configuration? General tips on securing solr are most welcome. Yep. In the addListen

securing solr

into jetty configuration, but I found the documentation for using the IPAccessHandler lacking. Has anyone gotten this to work? If so, would you mind sharing your configuration? General tips on securing solr are most welcome. Duane Gran smime.p7s Description: S/MIME cryptographic signature