On 10/22/2013 7:32 AM, Raheel Hasan wrote: > I want to know how to secure the admin section. The site " > http://wiki.apache.org/solr/SolrSecurity"; has a lot of stuff, but I want to > put htaccess based restriction. > > Can anyone tell me where to place the htaccess? > > I am using solr 4.3
Restricting with htaccess is a webserver function, and it is specifically an Apache webserver function. I don't think that Servlet containers use htaccess, but I admit that I'm not very familiar with the intricacies of servlet configuration. Solr itself contains no security features. Security is completely up to the servlet container. A note of caution - certain features of Solr, including SolrCloud and distributed search, will make requests internally. Adding security restrictions can break that functionality. Solr should not be exposed directly to end users. Queries should be accepted and sanitized by back-end code before they are sent to Solr, which should be firewalled so only trusted personnel and applications can reach it. Thanks, Shawn
