This sounds like trouble. I have used Solr in my script (php) such that I curl it for query (using "solr/automata/select?q="). If I make it completely off-public, how will my own site access it?
Is there any parameter to prevent access by "REMOTE_ADDR"? Thanks. On Tue, Oct 22, 2013 at 6:49 PM, Shawn Heisey <s...@elyograg.org> wrote: > On 10/22/2013 7:32 AM, Raheel Hasan wrote: > > I want to know how to secure the admin section. The site " > > http://wiki.apache.org/solr/SolrSecurity"; has a lot of stuff, but I > want to > > put htaccess based restriction. > > > > Can anyone tell me where to place the htaccess? > > > > I am using solr 4.3 > > Restricting with htaccess is a webserver function, and it is > specifically an Apache webserver function. I don't think that Servlet > containers use htaccess, but I admit that I'm not very familiar with the > intricacies of servlet configuration. > > Solr itself contains no security features. Security is completely up to > the servlet container. > > A note of caution - certain features of Solr, including SolrCloud and > distributed search, will make requests internally. Adding security > restrictions can break that functionality. > > Solr should not be exposed directly to end users. Queries should be > accepted and sanitized by back-end code before they are sent to Solr, > which should be firewalled so only trusted personnel and applications > can reach it. > > Thanks, > Shawn > > -- Regards, Raheel Hasan
