Noble, I get that a UI which is open source does not benefit from ACL control - we're not giving away anything that isn't public (other than perhaps info that could be used to identify the version of Solr, or even the fact that it *is* solr).
However, from a user experience point of view, requiring credentials to see the UI would be more conventional, and therefore lead to less confusion. Is it possible for us to protect the UI static files, only for the sake of user experience, rather than security? Upayavira On Tue, Nov 10, 2015, at 12:01 PM, Noble Paul wrote: > The admin UI is a bunch of static pages . We don't let the ACL control > static content > > you must blacklist all the core/collection apis and it is pretty much > useless for anyone to access the admin UI (w/o the credentials , of > course) > > On Tue, Nov 10, 2015 at 7:08 AM, 马柏樟 <mabaizh...@126.com> wrote: > > Hi, > > > > After I configure Authentication with Basic Authentication Plugin and > > Authorization with Rule-Based Authorization Plugin, How can I prevent the > > strangers from visiting my solr by browser? For example, if the stranger > > visit the http://(my host):8983, the browser will pop up a window and says > > "the server http://(my host):8983 requires a username and password...." > > > > -- > ----------------------------------------------------- > Noble Paul
