On Mon, Mar 16, 2020 at 10:50 AM David Hastings < hastings.recurs...@gmail.com> wrote:
> Honestly? I know this isnt what youre going to want to hear, but security > through obscurity. no one else knows what port the servers on, and its not > accessible from anything outside of the internal network. That doesn't sound like security through obscurity, as long as you are confident that access to the internal network is limited... to whatever degree you require. I'd certainly be happy if I could restrict access based on IP. > if your solr > install can be accessed from an external IP you have much larger issues. > On Mon, Mar 16, 2020 at 10:44 AM Ryan W <rya...@gmail.com> wrote: > > > How do you, personally, do it? Do you use IPTables? Basic > Authentication > > Plugin? Something else? > > > > I'm asking in part so I'l have something to search for. I don't know > where > > I should begin, so I figured I would ask how others do it. > > > > I haven't been able to find anything that works, so if you can tell me > what > > works for you, I can at least narrow it down a bit and do some Google > > searches. Do I need to learn Solr's plugin system? Am I starting in the > > right place if I follow this document: > > > > > https://lucene.apache.org/solr/guide/7_0/rule-based-authorization-plugin.html#rule-based-authorization-plugin > > > > Initially, the above document seems far too comprehensive for my needs. > I > > just want to block access to the Solr admin UI, and the list of > predefined > > permissions in that document don't seem to be relevant. Also, it seems > > unlikely this plugin system is necessary just to control access to the > > admin UI... or maybe it necessary? > > > > In any case, what is your approach? > > > > I'm using version 7.7.2 of Solr. > > > > Thanks! > > >
