Setting up Apache is off-topic, but it’s just a matter of ProxyPass to the Solr app URL. I already gave you the relevant IP restriction configuration directive, “Allow from “. The rest is in httpd documentation.
From: Ryan W <rya...@gmail.com> Sent: Monday, March 16, 2020 10:41 AM To: solr-user@lucene.apache.org Subject: Re: How do *you* restrict access to Solr? WARNING: This email originated outside of Lands’ End. Please be on the lookout for phishing scams and do not open attachments or click links from people you do not know.. On Mon, Mar 16, 2020 at 11:32 AM Dunigan, Craig A. < craig.duni...@landsend.com<mailto:craig.duni...@landsend.com>> wrote: > Here are my suggestions. If you’re okay with IP restrictions only, then > iptables. Thanks! Just knowing this is an option helps. I took a stab at it but it didn't work initially, but at least now I know there's a reason to keep trying it. > If you don’t have *nix or root access, an Apache proxy server with Allow > from <ip addr>. I do have root access and can edit the Apache config. Can I restrict access in the Apache config? If so, that would be a great solution. My situation is fairly typical. I have a LAMP environment with Red Hat linux. I'm not quite sure how to make my Apache directives specific to the Solr install. Again, just knowing this is an option would be helpful. The Solr docs don't mention this possibility, I don't think. > If you want really, really secure, an stunnel front-end that requires > client certs that you install in your browsers. For us, we have a load > balancer with VIPs that restrict access to the internal IP range of the > building that houses IT, but not everyone has the luxury of hardware > solutions. > > From: Ryan W <rya...@gmail.com<mailto:rya...@gmail.com>> > Sent: Monday, March 16, 2020 10:20 AM > To: solr-user@lucene.apache.org<mailto:solr-user@lucene.apache.org> > Subject: Re: How do *you* restrict access to Solr? > > WARNING: This email originated outside of Lands’ End. Please be on the > lookout for phishing scams and do not open attachments or click links from > people you do not know.. > > On Mon, Mar 16, 2020 at 10:50 AM David Hastings < > hastings.recurs...@gmail.com<mailto:hastings.recurs...@gmail.com<mailto:hastings.recurs...@gmail.com%3cmailto:hastings.recurs...@gmail.com>>> > wrote: > > > Honestly? I know this isnt what youre going to want to hear, but security > > through obscurity. no one else knows what port the servers on, and its > not > > accessible from anything outside of the internal network. > > > That doesn't sound like security through obscurity, as long as you are > confident that access to the internal network is limited... to whatever > degree you require. I'd certainly be happy if I could restrict access > based on IP. > > > > > if your solr > > install can be accessed from an external IP you have much larger issues. > > > > On Mon, Mar 16, 2020 at 10:44 AM Ryan W <rya...@gmail.com<mailto: <mailto:rya...@gmail.com%3cmailto:%0b>> rya...@gmail.com<mailto:rya...@gmail.com>>> wrote: > > > > > How do you, personally, do it? Do you use IPTables? Basic > > Authentication > > > Plugin? Something else? > > > > > > I'm asking in part so I'l have something to search for. I don't know > > where > > > I should begin, so I figured I would ask how others do it. > > > > > > I haven't been able to find anything that works, so if you can tell me > > what > > > works for you, I can at least narrow it down a bit and do some Google > > > searches. Do I need to learn Solr's plugin system? Am I starting in the > > > right place if I follow this document: > > > > > > > > > https://lucene.apache.org/solr/guide/7_0/rule-based-authorization-plugin.html#rule-based-authorization-plugin<https://lucene.apache.org/solr/guide/7_0/rule-based-authorization-plugin.html#rule-based-authorization-plugin> > < > https://lucene.apache.org/solr/guide/7_0/rule-based-authorization-plugin.html#rule-based-authorization-plugin<https://lucene.apache.org/solr/guide/7_0/rule-based-authorization-plugin.html#rule-based-authorization-plugin> > > > > > > > > Initially, the above document seems far too comprehensive for my needs. > > I > > > just want to block access to the Solr admin UI, and the list of > > predefined > > > permissions in that document don't seem to be relevant. Also, it seems > > > unlikely this plugin system is necessary just to control access to the > > > admin UI... or maybe it necessary? > > > > > > In any case, what is your approach? > > > > > > I'm using version 7.7.2 of Solr. > > > > > > Thanks! > > > > > >
