IPtables seems like the way to go, at least for me. Even if this basic-auth-plugin works, then you'll have to deal with denial-of-service attacks (although these can also happen indirectly, by hitting the website that uses Solr).
> On 16 Mar 2020, at 15:44, Ryan W <rya...@gmail.com> wrote: > > How do you, personally, do it? Do you use IPTables? Basic Authentication > Plugin? Something else? > > I'm asking in part so I'l have something to search for. I don't know where > I should begin, so I figured I would ask how others do it. > > I haven't been able to find anything that works, so if you can tell me what > works for you, I can at least narrow it down a bit and do some Google > searches. Do I need to learn Solr's plugin system? Am I starting in the > right place if I follow this document: > https://lucene.apache.org/solr/guide/7_0/rule-based-authorization-plugin.html#rule-based-authorization-plugin > > Initially, the above document seems far too comprehensive for my needs. I > just want to block access to the Solr admin UI, and the list of predefined > permissions in that document don't seem to be relevant. Also, it seems > unlikely this plugin system is necessary just to control access to the > admin UI... or maybe it necessary? > > In any case, what is your approach? > > I'm using version 7.7.2 of Solr. > > Thanks!
