I have found that for admin commands you may need to include "collection":null

{ "name":"admin-info-system2", "path":"/admin/*", "collection":null, "role":"*"}

-----Original Message-----
From: Jesús Roca <xes...@gmail.com>
Sent: Friday, February 28, 2020 2:10 PM
To: solr-user@lucene.apache.org
Subject: Limiting access to /admin path

Hello,

I have a Solr 7.7.2 instance with basic authentication. Does anyone know how to limit access to the /admin path to authenticated users only?

For example, to: https://localhost:8983/solr/admin/info/system

When I access that section, this is the log generated:

2020-02-28 18:05:58.896 INFO (qtp694316372-17) [ ] o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/info/system params={} status=0 QTime=36

I have added the following custom permission, but it doesn't block the unauthenticated request to that section:

"permissions":[
  { "name":"admin-info-system", "path":"/admin/info/system", "role":"*"}
],

If I create the following custom permissions with a different path:

"permissions":[
  { "name":"admin-info-system1", "path":"/select/*", "role":"*"},
  { "name":"admin-info-system2", "path":"/admin/*", "role":"*"}
],

Then I have to authenticate when I query a collection, but I can still access /admin/info/system or /admin/collections?action=CLUSTERSTATUS

Definitely, I don't know how to block unauthenticated access to the /admin path without adding the blockUnknown=true attribute but, if I do that, all the requests will have to be authenticated and I didn't.

Thanks in advance!
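
The reply at the top of this thread turns on whether a custom permission for an /admin path carries an explicit "collection":null. As an added example (not part of the thread and not Solr's own code), this Python check flags such permissions in a security.json for review; the function name and the wrapping "authorization" objects are assumptions, and the permission entries are the ones quoted in the thread.

```python
import json

# Constructed inputs: the permissions quoted in the thread, wrapped in a
# minimal "authorization" section (the rest of security.json is omitted).
QUESTION = json.loads("""
{"authorization": {"permissions": [
  {"name": "admin-info-system1", "path": "/select/*", "role": "*"},
  {"name": "admin-info-system2", "path": "/admin/*", "role": "*"}
]}}
""")
REPLY = json.loads("""
{"authorization": {"permissions": [
  {"name": "admin-info-system2", "path": "/admin/*",
   "collection": null, "role": "*"}
]}}
""")


def _paths(perm):
    """Return the permission's paths as a list (a string or list is handled)."""
    value = perm.get("path")
    if value is None:          # predefined permissions carry no "path"
        return []
    return value if isinstance(value, list) else [value]


def admin_rules_without_null_collection(security):
    """Names of custom permissions on /admin paths lacking "collection": null.

    Hypothetical lint helper. An absent "collection" key is not the same as
    an explicit null: the Solr Reference Guide describes an omitted value as
    applying to all collections, and null as the setting for paths that are
    not collection-specific. A hit is a prompt to review the rule, since
    some /admin handlers are per-collection and are scoped correctly as-is.
    """
    flagged = []
    perms = security.get("authorization", {}).get("permissions", [])
    for perm in perms:
        on_admin = any(p.startswith("/admin") for p in _paths(perm))
        has_null = "collection" in perm and perm["collection"] is None
        if on_admin and not has_null:
            flagged.append(perm.get("name"))
    return flagged


if __name__ == "__main__":
    print("question:", admin_rules_without_null_collection(QUESTION))
    print("reply:   ", admin_rules_without_null_collection(REPLY))
```

After changing security.json, confirm the result by requesting /admin/info/system without credentials and checking that the request is refused.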