Hi Daniel, That sounds good. It is a custom solution, which is a way to secure just about any server. I think Noble's point was about out of the box, community supported, way of securing Solr. Regards, Ishan
On Mon, Dec 14, 2015 at 9:26 PM, Davis, Daniel (NIH/NLM) [C] < daniel.da...@nih.gov> wrote: > Wait a second. There are other sorts of ways to secure Solr that don't > work with any sort role-based security control. What I do is place a > reverse-proxy in front of Apache Solr on port 80, and have that reverse > proxy use CAS authentication. I also have a list of "valid-users" who may > use the Solr admin UI. > > Then, I have port 8983 open in my port-based host firewall (iptables), but > it only allows the hosts that need to talk directly to Solr. Firewalls > prevent the other accesses. Many security wrappers such as mod_auth_cas, > which works with Apache httpd, can set a request header such as REMOTE_USER > to the username of the individual who has authenticated with the wrapper. > In fact, I'm hoping security.json can eventually be made to work with such > a header. > > -----Original Message----- > From: Noble Paul [mailto:noble.p...@gmail.com] > Sent: Friday, December 11, 2015 8:12 PM > To: solr-user@lucene.apache.org > Subject: Re: how to secure standalone solr > > For standalone Solr , Kerberos is the only option for authentication. > If you have a SolrCloud setup, you have other options > > > https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin > > https://cwiki.apache.org/confluence/display/solr/Rule-Based+Authorization+Plugin > > On Fri, Dec 11, 2015 at 11:02 PM, Don Bosco Durai <bo...@apache.org> > wrote: > >>Anyone told me how to secure standalone solr . > > Recently there were few discussion on this. In short, it is not tested > and there doesn’t seem to a plan to test it. > > > >>1.)using Kerberos Plugin is a good practice or any other else. > > The answer depends how you are using it. Where you are deploying it, who > is accessing it, whether you want to restrict by access type (read/write), > what authentication environment (LDAP/AD, Kerberos, etc) you already have. > > > > Depending upon your use cases and environment, you may have one or more > options. > > > > Bosco > > > > > > > > > > > > > > On 12/11/15, 4:27 AM, "Mugeesh Husain" <muge...@gmail.com> wrote: > > > >>Hello, > >> > >>Anyone told me how to secure standalone solr . > >> > >>1.)using Kerberos Plugin is a good practice or any other else. > >> > >> > >> > >>-- > >>View this message in context: > >>http://lucene.472066.n3.nabble.com/how-to-secure-standalone-solr-tp424 > >>4866.html Sent from the Solr - User mailing list archive at > >>Nabble.com. > > > > > > -- > ----------------------------------------------------- > Noble Paul >
