Solr should not be accessible to end users directly - only through a dedicated 
application in between.

Then, in an enterprise setting, it is mostly Kerberos auth and HTTPS (do not 
forget about ZooKeeper when using SolrCloud; here you can also have Kerberos 
auth and, in recent versions, also SSL). It is not that difficult to configure if 
you work with people in your enterprise who know a bit about those topics.

In a cloud-based scenario, JWT tokens can make sense.

Do not do security by obscurity. You owe it to the users that potentially also 
have private data on Solr.

> On 16.03.2020 at 15:44, Ryan W <rya...@gmail.com> wrote:
> 
> How do you, personally, do it?  Do you use IPTables?  Basic Authentication
> Plugin? Something else?
> 
> I'm asking in part so I'll have something to search for.  I don't know where
> I should begin, so I figured I would ask how others do it.
> 
> I haven't been able to find anything that works, so if you can tell me what
> works for you, I can at least narrow it down a bit and do some Google
> searches.  Do I need to learn Solr's plugin system?  Am I starting in the
> right place if I follow this document:
> https://lucene.apache.org/solr/guide/7_0/rule-based-authorization-plugin.html#rule-based-authorization-plugin
> 
> Initially, the above document seems far too comprehensive for my needs.  I
> just want to block access to the Solr admin UI, and the list of predefined
> permissions in that document doesn't seem to be relevant.  Also, it seems
> unlikely this plugin system is necessary just to control access to the
> admin UI... or maybe it is necessary?
> 
> In any case, what is your approach?
> 
> I'm using version 7.7.2 of Solr.
> 
> Thanks!
