It's fairly easy to lock down Solr behind basic auth using just the servlet container it's running in, but the problem becomes letting services that *should* be able to access Solr in. I've rolled with basic auth in some setups, but certain deployments such as Solr Cloud or sharded setups don't play well with auth because there's no good way to configure them to use it.
Michael Della Bitta ------------------------------------------------ Appinions 18 East 41st Street, 2nd Floor New York, NY 10017-6271 www.appinions.com Where Influence Isn’t a Game On Thu, Apr 11, 2013 at 1:19 PM, Raymond Wiker <rwi...@gmail.com> wrote: > On Apr 11, 2013, at 17:12 , adfel70 <adfe...@gmail.com> wrote: >> Hi >> I need to implement security in solr as follows: >> 1. prevent unauthorized users from accessing to solr admin pages. >> 2. prevent unauthorized users from performing solr operations - both /admin >> and /update. >> >> >> Is the conclusion of this thread is that this is not possible at the moment? > > > The "obvious" solution (to me, at least) would be to (1) restrict access to > solr to localhost, and (2) use a reverse proxy (e.g, apache) on the same node > to provide authenticated & restricted access to solr. I think I've seen > recipes for (1), somewhere, and I've used (2) fairly extensively for similar > purposes.
