Hi Andrew, Today, authentication is handled by the container (e.g. Tomcat, Jetty etc.).
There's a thread I found to be very useful on this topic here: http://www.lucidimagination.com/search/document/d1e338dc452db2e4/how_can_i_protect_the_solr_cores This was for Jetty, but the idea is pretty much the same for Tomcat. HTH Peter On Thu, Apr 29, 2010 at 8:42 AM, Andrew McCombe <eupe...@gmail.com> wrote: > Hi > > I'm planning on adding some protection to our solr servers and would > like to know what others are doing in this area. > > Basically I have a few solr cores running under tomcat6 and all use DH > to populate the solr index. This is all behind a firewall and only > accessible from certain IP addresses. Access to Solr Admin is open to > anyone in the company and many use it for checking data is in the > index and simple analysis. However, they can also trigger a > full-import if they are careless (one of the cores takes 6 hours to > ingest the data). > > What would be the recommended way of protecting things like the DIH > functionality? HTTP Authentication via tomcat realms or are there any > other solutions? > > Thanks > Andrew McCombe > iWeb Solutions >
