Mailing List Archive

Secure Solr Instance
Hi,

We are running a Solr instance using the dataimport handler. Now, when we access the Solr UI, it shows all configuration details (e.g. all DB details including credentials) after clicking on the dataimport tab available on the left side.

I have tried to protect this Solr webapp, which is deployed on JBoss. But after this, search is not working, as it's asking for credentials and we have defined this URL within the search application.

Can you please help me out with securing the Solr instance running on the Prod Env?

------------------------
Best Regards,
Kuldeep Sharma



::DISCLAIMER::
----------------------------------------------------------------------------------------------------------------------------------------------------

The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only.
E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted,
lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents
(with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates.
Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the
views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification,
distribution and / or publication of this message without the prior written consent of authorized representative of
HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately.
Before opening any email and/or attachments, please check them for viruses and other defects.

----------------------------------------------------------------------------------------------------------------------------------------------------
Re: Secure Solr Instance [ In reply to ]
Put a web tier in front of Solr. Always.




On Wed, Aug 21, 2013 at 2:56 AM, Kuldeep Sharma <kuldeep.sharma@hcl.com> wrote:

> Hi,
>
> We are running solr instance using dataimport handler. Now, when we access
> Solr UI, then it is showing all configuration details(e.g. All DB details
> including credentials) after clicking on dataimport tab available on left
> side.
>
> I have tried to protect this solr webapp which is deployed on Jboss. But
> after this search is not working as its asking for credentials and we have
> defined this URL within search application.
>
> Can you please help me out for securing Solr Instance running on Prod Env?
>
> ------------------------
> Best Regards,
> Kuldeep Sharma
>
RE: Secure Solr Instance [ In reply to ]
Hey Ted,

Can you please elaborate with an example?

--------------------------
Regards,
Kuldeep Sharma

---------------------------------------------------------------------------------------
Regards,
Kuldeep Sharma|  IT Enterprise  |  McDonald's Corporation
Mobile:  +91-9560624333 |mailto: kuldeep.sharma@hcl.com


-----Original Message-----
From: Ted Dunning [mailto:ted.dunning@gmail.com]
Sent: Wednesday, August 21, 2013 5:28 AM
To: general@lucene.apache.org
Subject: Re: Secure Solr Instance

Put a web tier in front of Solr. Always.




On Wed, Aug 21, 2013 at 2:56 AM, Kuldeep Sharma <kuldeep.sharma@hcl.com> wrote:

> Hi,
>
> We are running solr instance using dataimport handler. Now, when we
> access Solr UI, then it is showing all configuration details(e.g. All
> DB details including credentials) after clicking on dataimport tab
> available on left side.
>
> I have tried to protect this solr webapp which is deployed on Jboss.
> But after this search is not working as its asking for credentials and
> we have defined this URL within search application.
>
> Can you please help me out for securing Solr Instance running on Prod Env?
>
> ------------------------
> Best Regards,
> Kuldeep Sharma
>
Re: Secure Solr Instance [ In reply to ]
No.

This is totally simple.

Just define your service end points on your web tier.

These should forward requests to the Solr server (which should not itself
be otherwise accessible).

If you have the capability for layer 7 filtering between the web and Solr
tiers you can add limits on which URLs can be touched by the web tier.
You can probably do this pretty easily using Apache configs.

There isn't much else to say. It is dead easy.

On Wed, Aug 21, 2013 at 3:34 AM, Kuldeep Sharma <kuldeep.sharma@hcl.com> wrote:

> Hey Ted,
>
> Can you please elaborate with example?
>
>
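
An Apache configuration of the kind described in the reply above, added here as an illustration and not written by anyone in this thread. It assumes Apache httpd 2.4 with mod_proxy, mod_proxy_http and mod_rewrite loaded; the host names and the core name `products` are placeholders.

```apache
# Added example, not from the thread. Host names and the core name
# "products" are placeholders.
<VirtualHost *:80>
    ServerName search.example.com

    # Act only as a reverse proxy, never as an open forward proxy.
    ProxyRequests Off

    # Default deny: nothing is reachable unless allowed below, so the
    # admin UI and /solr/products/dataimport (the page that shows the
    # DB settings) are never forwarded.
    <Location "/">
        Require all denied
    </Location>

    # The only Solr URL the web tier may touch: the search handler,
    # read-only.
    <LocationMatch "^/solr/products/select$">
        Require method GET
    </LocationMatch>

    # Refuse parameters that can point a select request at another
    # handler or host. This matches the raw query string, so
    # percent-encoded parameter names are not caught; service endpoints
    # that build the Solr query on the web tier avoid that gap.
    RewriteEngine On
    RewriteCond %{QUERY_STRING} (^|&)(qt|shards|stream\.[a-z]+)= [NC]
    RewriteRule ^ - [F]

    # Forward the one allowed path to the internal Solr server.
    ProxyPass        "/solr/products/select" "http://solr.internal.example:8983/solr/products/select"
    ProxyPassReverse "/solr/products/select" "http://solr.internal.example:8983/solr/products/select"
</VirtualHost>
```

The search application is then pointed at the proxy URL instead of at Solr, and the Solr host accepts connections on its port only from the web tier.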
Re: Secure Solr Instance [ In reply to ]
Also see e.g. https://github.com/evolvingweb/ajax-solr/wiki/Solr-proxies for a list of proxies in case you need to expose low-level API access to Solr from the outside, e.g. from JS clients.

--
Jan Høydahl, search solution architect
Cominvent AS - www.cominvent.com

21. aug. 2013 kl. 12:44 skrev Ted Dunning <ted.dunning@gmail.com>:

> No.
>
> This is totally simple.
>
> Just define your service end points on your web tier.
>
> These should forward requests to the Solr server (which should not itself
> be otherwise accessible).
>
> If you have the capability for layer 7 filtering between the web and Solr
> tiers you can add limits on which URLs can be touched by the web tier.
> You can probably do this pretty easily using Apache configs.
>
> There isn't much else to say. It is dead easy.
>
> On Wed, Aug 21, 2013 at 3:34 AM, Kuldeep Sharma <kuldeep.sharma@hcl.com> wrote:
>
>> Hey Ted,
>>
>> Can you please elaborate with example?
>>
>>
RE: Secure Solr Instance [ In reply to ]
Hi Ted,

It would be really helpful if you could share any document or link about the below.

---------------------------------------------------------------------------------------
Regards,
Kuldeep Sharma

-----Original Message-----
From: Ted Dunning [mailto:ted.dunning@gmail.com]
Sent: Wednesday, August 21, 2013 5:44 AM
To: general@lucene.apache.org
Subject: Re: Secure Solr Instance

No.

This is totally simple.

Just define your service end points on your web tier.

These should forward requests to the Solr server (which should not itself be otherwise accessible).

If you have the capability for layer 7 filtering between the web and Solr tiers you can add limits on which URLs can be touched by the web tier.
You can probably do this pretty easily using Apache configs.

There isn't much else to say. It is dead easy.

On Wed, Aug 21, 2013 at 3:34 AM, Kuldeep Sharma <kuldeep.sharma@hcl.com> wrote:

> Hey Ted,
>
> Can you please elaborate with example?
>
>


Re: Secure Solr Instance [ In reply to ]
I also want to expose it to the web, but my boss does not agree.
I think it can be done.
mark.



--
View this message in context: http://lucene.472066.n3.nabble.com/Secure-Solr-Instance-tp4085838p4155515.html
Sent from the Lucene - General mailing list archive at Nabble.com.