Wait a second. There are other sorts of ways to secure Solr that don't work with any sort role-based security control. What I do is place a reverse-proxy in front of Apache Solr on port 80, and have that reverse proxy use CAS authentication. I also have a list of "valid-users" who may use the Solr admin UI.
Then, I have port 8983 open in my port-based host firewall (iptables), but it only allows the hosts that need to talk directly to Solr. Firewalls prevent the other accesses. Many security wrappers such as mod_auth_cas, which works with Apache httpd, can set a request header such as REMOTE_USER to the username of the individual who has authenticated with the wrapper. In fact, I'm hoping security.json can eventually be made to work with such a header. -----Original Message----- From: Noble Paul [mailto:noble.p...@gmail.com] Sent: Friday, December 11, 2015 8:12 PM To: solr-user@lucene.apache.org Subject: Re: how to secure standalone solr For standalone Solr , Kerberos is the only option for authentication. If you have a SolrCloud setup, you have other options https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin https://cwiki.apache.org/confluence/display/solr/Rule-Based+Authorization+Plugin On Fri, Dec 11, 2015 at 11:02 PM, Don Bosco Durai <bo...@apache.org> wrote: >>Anyone told me how to secure standalone solr . > Recently there were few discussion on this. In short, it is not tested and > there doesn’t seem to a plan to test it. > >>1.)using Kerberos Plugin is a good practice or any other else. > The answer depends how you are using it. Where you are deploying it, who is > accessing it, whether you want to restrict by access type (read/write), what > authentication environment (LDAP/AD, Kerberos, etc) you already have. > > Depending upon your use cases and environment, you may have one or more > options. > > Bosco > > > > > > > On 12/11/15, 4:27 AM, "Mugeesh Husain" <muge...@gmail.com> wrote: > >>Hello, >> >>Anyone told me how to secure standalone solr . >> >>1.)using Kerberos Plugin is a good practice or any other else. >> >> >> >>-- >>View this message in context: >>http://lucene.472066.n3.nabble.com/how-to-secure-standalone-solr-tp424 >>4866.html Sent from the Solr - User mailing list archive at >>Nabble.com. > -- ----------------------------------------------------- Noble Paul
