You are viewing a plain text version of this content. The canonical link for it is here.

Posted to solr-user@lucene.apache.org by "Joshi, Shital" <Sh...@gs.com> on 2014/05/29 18:12:44 UTC

Safeguards for stray commands from deleting solr data

Hi,

What are ways to prevent someone executing random delete commands against Solr? Like:

curl http://solr.com:8983/solr/core/update?commit=true -H "Content-Type: text/xml" --data-binary '<delete><query>*:*</query></delete>'

I understand we can do IP based access (change /etc/jetty.xml). Is there anything Solr provides out of the box?

Thanks!

Re: Safeguards for stray commands from deleting solr data

Posted by Erick Erickson <er...@gmail.com>.

Not unless you disable the update handler completely. Assuming you have
sensitive data, you really need to secure your Solr server behind an app
though.

Best,
Erick


On Thu, May 29, 2014 at 9:12 AM, Joshi, Shital <Sh...@gs.com> wrote:

> Hi,
>
> What are ways to prevent someone executing random delete commands against
> Solr? Like:
>
> curl http://solr.com:8983/solr/core/update?commit=true -H "Content-Type:
> text/xml" --data-binary '<delete><query>*:*</query></delete>'
>
> I understand we can do IP based access (change /etc/jetty.xml). Is there
> anything Solr provides out of the box?
>
> Thanks!
>
>
>
>