As long as Core Admin is accessible via HTTP and allows manipulating Solr cores, it should be secured, regardless of the configured path. The difference between securing Admin vs. securing other handlers is that other handlers are accessed by specific application server(s), and therefore may be easily firewalled etc. The Admin interface can (in theory) be accessed from a machine other than the application server, but I cannot really apply security constraints to it as long as Core Admin is used both internally (replication) and externally (admin web interface JS). Therefore, it's necessary to provide a reverse proxy with access control management for secure external access to admin AND internal access.
--
View this message in context: http://lucene.472066.n3.nabble.com/SolrCloud-admin-security-vs-replication-tp4037337p4037628.html
Sent from the Solr - User mailing list archive at Nabble.com.
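
One way to express the reverse-proxy arrangement the message above describes, as an added nginx example that is not part of the original post or of Solr's own configuration. Assumptions: Core Admin is at the default `/solr/admin/cores` path, Solr listens on loopback only and each node advertises the proxy's port to its peers, and the subnets, hostname and file paths are placeholders.

```nginx
# Added example. All addresses, names and paths below are placeholders.
upstream solr_backend {
    server 127.0.0.1:8983;            # assumed: Solr bound to loopback only
}

server {
    listen 8443 ssl;                  # assumed: port the node advertises to peers
    server_name solr-proxy.example.internal;
    ssl_certificate     /etc/nginx/tls/solr-proxy.crt;
    ssl_certificate_key /etc/nginx/tls/solr-proxy.key;

    # Core Admin: cluster peers (internal use, e.g. replication) pass on
    # source address alone; every other client must authenticate.
    location /solr/admin/cores {
        satisfy any;                  # allow if the IP rule OR basic auth succeeds
        allow 10.0.10.0/24;           # assumed subnet of the Solr nodes
        deny  all;
        auth_basic           "Solr Core Admin";
        auth_basic_user_file /etc/nginx/solr-admin.htpasswd;
        proxy_pass http://solr_backend;
    }

    # All other handlers: only the application servers and cluster peers,
    # matching the "easily firewalled" case in the message.
    location /solr/ {
        allow 10.0.20.0/24;           # assumed subnet of the application servers
        allow 10.0.10.0/24;           # peers also use per-core handlers
        deny  all;
        proxy_pass http://solr_backend;
    }
}
```

The longer `/solr/admin/cores` prefix takes precedence over `/solr/`, so the address-or-password rule applies only to Core Admin; if the Core Admin path has been changed, the first `location` must be changed with it.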