You are viewing a plain text version of this content. The canonical link for it is here.
Posted to solr-user@lucene.apache.org by Shay Sofer <sh...@checkpoint.com> on 2014/11/04 13:53:30 UTC
Solr authentication
Hi,
I want that my Solr web connection will be protected by username and password.
When someone try to get to - 1.1.1.1:8983/Solr, he can do it only after login (with known users).
Is it possible ?
Thanks,
Shay.
Re: Solr authentication
Posted by Alexandre Rafalovitch <ar...@gmail.com>.
Whichever way you run, I just want to remind people that if people
have access to Solr, they can issue delete commands and - probably -
bunch of other things.
If performance is not a critical aspect, I would look at isolating
Solr in something like Docker container.
Regards,
Alex.
Personal: http://www.outerthoughts.com/ and @arafalov
Solr resources and newsletter: http://www.solr-start.com/ and @solrstart
Solr popularizers community: https://www.linkedin.com/groups?gid=6713853
On 4 November 2014 12:02, Chris Hostetter <ho...@fucit.org> wrote:
>
> I am not a security expert, but in my opinion the safest way to run solr
> "securely" is to forget all about usernames & passwords and instead use
> SSL with client SSL certificates...
>
> https://cwiki.apache.org/confluence/display/solr/Enabling+SSL
>
>
>
> : Date: Tue, 4 Nov 2014 12:53:30 +0000
> : From: Shay Sofer <sh...@checkpoint.com>
> : Reply-To: solr-user@lucene.apache.org
> : To: "solr-user@lucene.apache.org" <so...@lucene.apache.org>
> : Subject: Solr authentication
> :
> : Hi,
> :
> : I want that my Solr web connection will be protected by username and password.
> :
> : When someone try to get to - 1.1.1.1:8983/Solr, he can do it only after login (with known users).
> :
> : Is it possible ?
> :
> : Thanks,
> : Shay.
> :
>
> -Hoss
> http://www.lucidworks.com/
Re: Solr authentication
Posted by Chris Hostetter <ho...@fucit.org>.
I am not a security expert, but in my opinion the safest way to run solr
"securely" is to forget all about usernames & passwords and instead use
SSL with client SSL certificates...
https://cwiki.apache.org/confluence/display/solr/Enabling+SSL
: Date: Tue, 4 Nov 2014 12:53:30 +0000
: From: Shay Sofer <sh...@checkpoint.com>
: Reply-To: solr-user@lucene.apache.org
: To: "solr-user@lucene.apache.org" <so...@lucene.apache.org>
: Subject: Solr authentication
:
: Hi,
:
: I want that my Solr web connection will be protected by username and password.
:
: When someone try to get to - 1.1.1.1:8983/Solr, he can do it only after login (with known users).
:
: Is it possible ?
:
: Thanks,
: Shay.
:
-Hoss
http://www.lucidworks.com/
Re: Solr authentication
Posted by Tim Dunphy <bl...@gmail.com>.
Shay,
> Thanks for the quick response.
No problem.
>
> 1. I'm using Solr with Jetty.
>
Yes. I got that from the fact that you were running Solr over port 8983.
That's the Jetty port. I just didn't mention that in the email cuz I
thought it was pretty obvious. :)
But what I am saying you should do is to get Solr to run under Tomcat
instead of Jetty. And then front it with apache. It'll be the only way to
put authentication on your Solr instance that I know of. It's also pretty
easy to do.
And I did think that was the only way to secure solr. But after googling
this question I do see there are some other ways to go about it.
http://stackoverflow.com/questions/17613835/securing-solr-in-production
But like I said the way I did this is pretty easy and that's what I'm
recommending you do.
> 2. I'm using Java to access Solr, so I need a way to pass / add
> this authentication as well.
You should have no trouble doing that with the way that I told you to set
this up. If you do what I did you'll be using SSL. Which is the most secure
you can get!
Tim
On Tue, Nov 4, 2014 at 8:49 AM, Shay Sofer <sh...@checkpoint.com> wrote:
> Thanks for the quick response.
>
> 1. I'm using Solr with Jetty.
> 2. I'm using Java to access Solr, so I need a way to pass / add
> this authentication as well.
>
>
>
>
> -----Original Message-----
> From: Tim Dunphy [mailto:bluethundr@gmail.com]
> Sent: Tuesday, November 04, 2014 3:22 PM
> To: solr-user@lucene.apache.org
> Subject: Re: Solr authentication
>
> Hi Shay,
>
> I'm new to using Solr myself. But what I've done to solve this problem is
> to run Solr via Tomcat. Then I put Apache in front of Tomcat using mod_jk
> and made Solr accessible via SSL on port 443. I also put basic
> authentication in front of Apache. That way you have to enter a username
> and password to log in.
>
> Then I made port 8080 (the native port for Apache Tomcat) inaccessible
> using the firewall. So that the only way to access the Solr instance was
> through Apache and entering your password. With everything going over SSL.
> It's very secure.
>
> From what I read about Solr, there are no security considerations (such as
> using a password for access) built in. So the only way to achieve some
> level of security without doing what I just did is to secure it with a
> firewall. Making your Solr instance accessible only from certain IPs.
> Please someone correct me if I'm wrong about that.
>
> But the way I did it with running Solr with Apache and SSL and mod_jk over
> tomcat is pretty easy. If you google it you will find plenty of useful
> guides out there on how to do this. I'd recommend taking that approach.
>
> Tim
>
> Sent from my iPhone
>
> > On Nov 4, 2014, at 7:53 AM, Shay Sofer <sh...@checkpoint.com> wrote:
> >
> > Hi,
> >
> > I want that my Solr web connection will be protected by username and
> password.
> >
> > When someone try to get to - 1.1.1.1:8983/Solr, he can do it only after
> login (with known users).
> >
> > Is it possible ?
> >
> > Thanks,
> > Shay.
>
> Email secured by Check Point
>
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
RE: Solr authentication
Posted by Shay Sofer <sh...@checkpoint.com>.
Thanks for the quick response.
1. I'm using Solr with Jetty.
2. I'm using Java to access Solr, so I need a way to pass / add this authentication as well.
-----Original Message-----
From: Tim Dunphy [mailto:bluethundr@gmail.com]
Sent: Tuesday, November 04, 2014 3:22 PM
To: solr-user@lucene.apache.org
Subject: Re: Solr authentication
Hi Shay,
I'm new to using Solr myself. But what I've done to solve this problem is to run Solr via Tomcat. Then I put Apache in front of Tomcat using mod_jk and made Solr accessible via SSL on port 443. I also put basic authentication in front of Apache. That way you have to enter a username and password to log in.
Then I made port 8080 (the native port for Apache Tomcat) inaccessible using the firewall. So that the only way to access the Solr instance was through Apache and entering your password. With everything going over SSL. It's very secure.
>From what I read about Solr, there are no security considerations (such as using a password for access) built in. So the only way to achieve some level of security without doing what I just did is to secure it with a firewall. Making your Solr instance accessible only from certain IPs. Please someone correct me if I'm wrong about that.
But the way I did it with running Solr with Apache and SSL and mod_jk over tomcat is pretty easy. If you google it you will find plenty of useful guides out there on how to do this. I'd recommend taking that approach.
Tim
Sent from my iPhone
> On Nov 4, 2014, at 7:53 AM, Shay Sofer <sh...@checkpoint.com> wrote:
>
> Hi,
>
> I want that my Solr web connection will be protected by username and password.
>
> When someone try to get to - 1.1.1.1:8983/Solr, he can do it only after login (with known users).
>
> Is it possible ?
>
> Thanks,
> Shay.
Email secured by Check Point
Re: Solr authentication
Posted by Tim Dunphy <bl...@gmail.com>.
Hi Shay,
I'm new to using Solr myself. But what I've done to solve this problem is to run Solr via Tomcat. Then I put Apache in front of Tomcat using mod_jk and made Solr accessible via SSL on port 443. I also put basic authentication in front of Apache. That way you have to enter a username and password to log in.
Then I made port 8080 (the native port for Apache Tomcat) inaccessible using the firewall. So that the only way to access the Solr instance was through Apache and entering your password. With everything going over SSL. It's very secure.
From what I read about Solr, there are no security considerations (such as using a password for access) built in. So the only way to achieve some level of security without doing what I just did is to secure it with a firewall. Making your Solr instance accessible only from certain IPs. Please someone correct me if I'm wrong about that.
But the way I did it with running Solr with Apache and SSL and mod_jk over tomcat is pretty easy. If you google it you will find plenty of useful guides out there on how to do this. I'd recommend taking that approach.
Tim
Sent from my iPhone
> On Nov 4, 2014, at 7:53 AM, Shay Sofer <sh...@checkpoint.com> wrote:
>
> Hi,
>
> I want that my Solr web connection will be protected by username and password.
>
> When someone try to get to - 1.1.1.1:8983/Solr, he can do it only after login (with known users).
>
> Is it possible ?
>
> Thanks,
> Shay.