I think this has come up on the mailing list before. I don't remember the details, but you want to restrict the admin UI but not the CoreAdmin url - /admin/cores.
- Mark

On Jan 28, 2013, at 4:37 PM, Marcin Rzewucki <mrzewu...@gmail.com> wrote:

> Hi,
>
> If you add a security constraint for /admin/*, SolrCloud will not work. At
> least that's what I had in Solr4.0. I have not tried the same with Solr4.1,
> but I guess it is the same.
> Also I found some issues with URL patterns in webdefault.xml
> This:
> <url-pattern>/core/update</url-pattern>
> works, but for some reason this:
> <url-pattern>/*/update</url-pattern>
> does not work.
>
> Regards.
>
> On 27 January 2013 20:30, Isaac Hebsh <isaac.he...@gmail.com> wrote:
>
>> You can define a security filter in WEB-INF\web.xml, on specific url
>> patterns.
>> You might want to set the url pattern to "/admin/*".
>>
>> [find examples here:
>> http://stackoverflow.com/questions/7920092/how-can-i-bypass-security-filter-in-web-xml
>> ]
>>
>> On Sun, Jan 27, 2013 at 8:07 PM, Mingfeng Yang <mfy...@wisewindow.com> wrote:
>>
>>> Before Solr 4.0, I secure solr by enabling password protection in Jetty.
>>> However, password protection will make solrcloud not work.
>>>
>>> We use EC2 now, and we need the www admin interface of solr to be
>>> accessible (with password) from anywhere.
>>>
>>> How do you protect your solr server from unauthorized access?
>>>
>>> Thanks,
>>> Ming
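
Added example, not part of the thread: a small Python model of the Servlet specification's url-pattern rules as they apply to security constraints. It shows that `/*/update` is treated as a literal exact-match path (a wildcard is only recognised as a trailing `/*` or a leading `*.`), and that a constraint on the exact path `/admin/cores` takes precedence over one on `/admin/*`. Function names and request paths are constructed for illustration; paths are relative to the webapp context.

```python
# Model of <url-pattern> matching per the Servlet spec (mapping rules, 12.2).
# Not Jetty or Solr code; names and sample paths are constructed.

def pattern_kind(pattern):
    """Classify a <url-pattern> the way a servlet container does."""
    if pattern.startswith("/") and pattern.endswith("/*"):
        return "prefix"        # '/admin/*' is a path-prefix mapping
    if pattern.startswith("*."):
        return "extension"     # '*.jsp' is an extension mapping
    if pattern == "/":
        return "default"
    return "exact"             # everything else, including '/*/update'

def matches(pattern, path):
    kind = pattern_kind(pattern)
    if kind == "prefix":
        base = pattern[:-2]    # strip the trailing '/*'
        return path == base or path.startswith(base + "/")
    if kind == "extension":
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    if kind == "default":
        return True
    return path == pattern     # a '*' in the middle is a literal character

def best_match(patterns, path):
    """Pattern whose constraint governs path: exact, then longest prefix,
    then extension, then default. None means no constraint applies."""
    order = {"exact": 0, "prefix": 1, "extension": 2, "default": 3}
    hits = [p for p in patterns if matches(p, path)]
    hits.sort(key=lambda p: (order[pattern_kind(p)], -len(p)))
    return hits[0] if hits else None

if __name__ == "__main__":
    # Only '/admin/*' constrained: the CoreAdmin URL is caught as well.
    print(best_match(["/admin/*"], "/admin/cores"))
    # A separate exact-path entry for '/admin/cores' wins over the prefix.
    print(best_match(["/admin/*", "/admin/cores"], "/admin/cores"))
    # '/*/update' never matches a real core's update path.
    print(best_match(["/*/update"], "/core/update"))
```

In web.xml terms, a second `<security-constraint>` on the exact path with no `<auth-constraint>` is what leaves that path open while the `/admin/*` constraint still covers everything else under it.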