Hi! We're looking into the option of setting up search with Solr without an intermediary application. This would mean our backend would index data into Solr and we would have a public Solr endpoint on the internet that would receive search requests directly.
Since I couldn't find an existing solution similar to ours, I would like to know whether it's possible to secure Solr in a way that allows anyone only read-access only to collections and how to achieve that. Specifically because of this part of the documentation <https://lucene.apache.org/solr/guide/8_5/securing-solr.html>: *No Solr API, including the Admin UI, is designed to be exposed to non-trusted parties. Tune your firewall so that only trusted computers and people are allowed access. Because of this, the project will not regard e.g., Admin UI XSS issues as security vulnerabilities. However, we still ask you to report such issues in JIRA.* Is there a way we can restrict read-only access to Solr collections so as to allow users to make search requests directly to it or should we always keep our Solr instances completely private? Thanks in advance! Best regards, Marco Godinho
