Posted to solr-user@lucene.apache.org by Brian Lamb <br...@journalexperts.com> on 2011/05/09 20:57:01 UTC
Solr security
Hi all,
Is it possible to set up solr so that it will only execute dataimport
commands if they come from localhost?
Right now, my application and my solr installation are on different servers
so any requests are formatted http://domain:8983 instead of
http://localhost:8983. I am concerned that when I launch my application,
there will be the potential for abuse. Is the best solution to have
everything reside on the same server?
What are some other solutions?
Thanks,
Brian Lamb
Re: Solrj Questions
Posted by Chris Hostetter <ho...@fucit.org>.
: Subject: Solrj Questions
: References: <BA...@mail.gmail.com>
: <19...@cominvent.com>
: <4D...@tinkertownlabs.com>
: <BA...@mail.gmail.com>
: In-Reply-To: <BA...@mail.gmail.com>
http://people.apache.org/~hossman/#threadhijack
Thread Hijacking on Mailing Lists
When starting a new discussion on a mailing list, please do not reply to
an existing message, instead start a fresh email. Even if you change the
subject line of your email, other mail headers still track which thread
you replied to and your question is "hidden" in that thread and gets less
attention. It makes following discussions in the mailing list archives
particularly difficult.
-Hoss
Solrj Questions
Posted by Rohit <ro...@in-rev.com>.
Hi,
I am trying to use solrj for my application, my code is given below,
query.add("q", "simplify360");
query.add("facet", "true");
query.add("facet.range", "createdOnGMTDate");
query.add("facet.range.start", "2010-08-01T00:00:00Z+330MINUTES");
query.add("facet.range.end", "2011-05-31T00:00:00Z+330MINUTES");
query.add("facet.range.gap", "+1DAY");
//query.add("wt","json");
//query.add("wt.mime-type","application/json");
System.err.println(query.toString());
The code executes fine and when I execute the URL on the Solr server, I get the
following result for faceting,
<lst name="facet_counts"><lst name="facet_queries"/>
<lst name="facet_fields"/>
<lst name="facet_dates"/>
<lst name="facet_ranges">
<lst name="createdOnGMTDate">
<lst name="counts">
<int name="2010-01-01T00:00:00Z">0</int>
<int name="2010-01-02T00:00:00Z">0</int>
<int name="2010-01-03T00:00:00Z">0</int>
<int name="2010-01-04T00:00:00Z">0</int>
<int name="2010-01-05T00:00:00Z">0</int>
<int name="2010-01-06T00:00:00Z">0</int>
</lst>
<str name="gap">+1DAY</str>
<date name="start">2010-01-01T00:00:00Z</date>
<date name="end">2011-05-31T00:00:00Z</date>
</lst>
</lst>
</lst>
</response>
1) How can I retrieve these values in Java?
2) Also, is there any way I can convert the JSON response to a JSON Java
object?
Regards,
Rohit
Re: Solr security
Posted by Brian Lamb <br...@journalexperts.com>.
Great posts all. I will give these a look and come up with something based
on these recommendations. I'm sure as I begin implementing something, I will
have more questions arise.
On Tue, May 10, 2011 at 9:00 AM, Anthony Wlodarski <
anthony@tinkertownlabs.com> wrote:
> The WIKI has a loose interpretation of how to set up Jetty securely.
> Please take a look at the article I wrote here:
> http://anthonyw.net/2011/04/securing-jetty-and-solr-with-php-authentication/.
> Even if PHP is not your language that sits on top of Solr you can still use
> the first part of the tutorial. If you are using Tomcat I would recommend
> looking here:
> http://blog.comtaste.com/2009/02/securing_your_solr_server_on_t.html
>
> Regards,
>
> -Anthony
>
>
> On 05/09/2011 05:28 PM, Jan Høydahl wrote:
>
>> Hi,
>>
>> You can simply configure a firewall on your Solr server to only allow
>> access from your frontend server. Whether you use the built-in software
>> firewall of Linux/Windows/Whatever or use some other FW utility is a choice
>> you need to make. This is by design - you should never ever expose your
>> backend services, whether it's a search server or a database server, to the
>> public.
>>
>> Read more about Solr security on the WIKI:
>> http://wiki.apache.org/solr/SolrSecurity
>>
>> --
>> Jan Høydahl, search solution architect
>> Cominvent AS - www.cominvent.com
>>
>> On 9. mai 2011, at 20.57, Brian Lamb wrote:
>>
>>> Hi all,
>>>
>>> Is it possible to set up solr so that it will only execute dataimport
>>> commands if they come from localhost?
>>>
>>> Right now, my application and my solr installation are on different
>>> servers
>>> so any requests are formatted http://domain:8983 instead of
>>> http://localhost:8983. I am concerned that when I launch my application,
>>> there will be the potential for abuse. Is the best solution to have
>>> everything reside on the same server?
>>>
>>> What are some other solutions?
>>>
>>> Thanks,
>>>
>>> Brian Lamb
>>>
>>
> --
> Anthony Wlodarski
> Lead Software Engineer
> Get2Know.me (http://www.get2know.me)
> Office: 646-285-0500 x217
> Fax: 646-285-0400
>
>
Re: Solr security
Posted by Anthony Wlodarski <an...@tinkertownlabs.com>.
The WIKI has a loose interpretation of how to set up Jetty securely.
Please take a look at the article I wrote here:
http://anthonyw.net/2011/04/securing-jetty-and-solr-with-php-authentication/.
Even if PHP is not your language that sits on top of Solr you can still
use the first part of the tutorial. If you are using Tomcat I would
recommend looking here:
http://blog.comtaste.com/2009/02/securing_your_solr_server_on_t.html
Regards,
-Anthony
On 05/09/2011 05:28 PM, Jan Høydahl wrote:
> Hi,
>
> You can simply configure a firewall on your Solr server to only allow access from your frontend server. Whether you use the built-in software firewall of Linux/Windows/Whatever or use some other FW utility is a choice you need to make. This is by design - you should never ever expose your backend services, whether it's a search server or a database server, to the public.
>
> Read more about Solr security on the WIKI: http://wiki.apache.org/solr/SolrSecurity
>
> --
> Jan Høydahl, search solution architect
> Cominvent AS - www.cominvent.com
>
> On 9. mai 2011, at 20.57, Brian Lamb wrote:
>
>> Hi all,
>>
>> Is it possible to set up solr so that it will only execute dataimport
>> commands if they come from localhost?
>>
>> Right now, my application and my solr installation are on different servers
>> so any requests are formatted http://domain:8983 instead of
>> http://localhost:8983. I am concerned that when I launch my application,
>> there will be the potential for abuse. Is the best solution to have
>> everything reside on the same server?
>>
>> What are some other solutions?
>>
>> Thanks,
>>
>> Brian Lamb
--
Anthony Wlodarski
Lead Software Engineer
Get2Know.me (http://www.get2know.me)
Office: 646-285-0500 x217
Fax: 646-285-0400
Re: Solr security
Posted by Jan Høydahl <ja...@cominvent.com>.
Hi,
You can simply configure a firewall on your Solr server to only allow access from your frontend server. Whether you use the built-in software firewall of Linux/Windows/Whatever or use some other FW utility is a choice you need to make. This is by design - you should never ever expose your backend services, whether it's a search server or a database server, to the public.
Read more about Solr security on the WIKI: http://wiki.apache.org/solr/SolrSecurity
--
Jan Høydahl, search solution architect
Cominvent AS - www.cominvent.com
On 9. mai 2011, at 20.57, Brian Lamb wrote:
> Hi all,
>
> Is it possible to set up solr so that it will only execute dataimport
> commands if they come from localhost?
>
> Right now, my application and my solr installation are on different servers
> so any requests are formatted http://domain:8983 instead of
> http://localhost:8983. I am concerned that when I launch my application,
> there will be the potential for abuse. Is the best solution to have
> everything reside on the same server?
>
> What are some other solutions?
>
> Thanks,
>
> Brian Lamb
Re: Solr security
Posted by Upayavira <uv...@odoko.co.uk>.
Solr does not provide security (I believe Lucid EnterpriseWorks has
something there).
You should keep Solr itself secure behind a firewall, and pass all
requests through some intermediary that only allows sensible stuff
through to Solr itself. That way, the DataImportHandler is accessible
inside your firewall, and your search functionality is available
outside.
Upayavira
On Mon, 09 May 2011 14:57 -0400, "Brian Lamb"
<br...@journalexperts.com> wrote:
> Hi all,
>
> Is it possible to set up solr so that it will only execute dataimport
> commands if they come from localhost?
>
> Right now, my application and my solr installation are on different
> servers
> so any requests are formatted http://domain:8983 instead of
> http://localhost:8983. I am concerned that when I launch my application,
> there will be the potential for abuse. Is the best solution to have
> everything reside on the same server?
>
> What are some other solutions?
>
> Thanks,
>
> Brian Lamb
>
---
Enterprise Search Consultant at Sourcesense UK,
Making Sense of Open Source
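An added illustration of the intermediary suggested in this thread (not code from any poster or from the Solr project): a request filter that forwards only search traffic from outside while leaving dataimport reachable from localhost. The handler paths, the parameter allow-list and the row limit are assumptions to adapt to the actual deployment.

```python
from ipaddress import ip_address
from urllib.parse import parse_qsl, urlsplit

# Assumed names: handler paths as in a stock /solr deployment; the parameter
# list is whatever the public search page actually sends.
PUBLIC_HANDLERS = {"/solr/select"}
PUBLIC_PARAMS = {"q", "fq", "start", "rows", "sort", "fl", "wt", "facet", "facet.field"}
MAX_ROWS = 100


def filter_request(method, target, peer_ip):
    """Return (path, params) to forward to Solr, or None to refuse.

    peer_ip must be the TCP peer address seen by the intermediary, never a
    client-supplied header such as X-Forwarded-For.
    """
    parts = urlsplit(target)
    # Rebuild the path so "/solr//select" or "/solr/./select" is matched (and
    # forwarded) in one canonical form; refuse any attempt to climb with "..".
    segments = [s for s in parts.path.split("/") if s not in ("", ".")]
    if ".." in segments:
        return None
    path = "/" + "/".join(segments)
    params = parse_qsl(parts.query, keep_blank_values=True)

    # Local callers keep full access, so dataimport still works from localhost.
    if ip_address(peer_ip).is_loopback:
        return path, params

    # Everyone else: read-only search handler, known parameters only.
    # Anything not listed (qt, shards, stream.* and so on) is refused.
    if method != "GET" or path not in PUBLIC_HANDLERS:
        return None
    for name, value in params:
        if name not in PUBLIC_PARAMS:
            return None
        if name in ("rows", "start"):
            if not (value.isascii() and value.isdigit()):
                return None
            if name == "rows" and int(value) > MAX_ROWS:
                return None
    return path, params
```

The filter complements the firewall rule recommended earlier in the thread; Solr's own port should still accept connections only from the host running the intermediary.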