Securing Solr pretty much universally requires that you only allow trusted clients to access the machines directly, usually secured with a firewall and allowed IP addresses, the admin handler is the least of your worries.
Consider if you let me ping solr directly, I can do something really annoying like: http://localhost:8983/solr/update?stream.body=<delete><query>office:Bridgewater</query></delete> Best Erick On Wed, Sep 5, 2012 at 2:51 AM, Paul Codman <[email protected]> wrote: > First time Solr user and I am loving it! I have a standard Solr 4 set up > running under Jetty. The instructions in the Wiki do not seem to apply to > Solr 4 (eg mortbay references / section to uncomment not present in xml > file / etc) - could someone please advise on steps required to secure Solr > 4 and can someone confirm that security operates in relation to new Admin > interface. Thanks in advance.
