Posted to solr-user@lucene.apache.org by Jesús Roca <xe...@gmail.com> on 2020/02/28 19:09:38 UTC
Limiting access to /admin path
Hello,
I have a Solr 7.7.2 instance with basic authentication.
Does anyone know how to limit access to the /admin path to authenticated
users only?
For example, to:
https://localhost:8983/solr/admin/info/system
When I access that section, this is the log generated:
2020-02-28 18:05:58.896 INFO (qtp694316372-17) [ ] o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/info/system params={} status=0 QTime=36
I have added the following custom permission, but it doesn't block the
unauthenticated request to that section:
"permissions":[
  {
    "name":"admin-info-system",
    "path":"/admin/info/system",
    "role":"*"}
],
If I create the following custom permissions with different paths:
"permissions":[
  {
    "name":"admin-info-system1",
    "path":"/select/*",
    "role":"*"},
  {
    "name":"admin-info-system2",
    "path":"/admin/*",
    "role":"*"}
],
Then, I have to authenticate when I query a collection, but I can still
access /admin/info/system or /admin/collections?action=CLUSTERSTATUS
Definitely, I don't know how to block unauthenticated access to the /admin path
without adding the blockUnknown=true attribute but, if I do that, all the
requests will have to be authenticated and I didn't.
Thanks in advance!
Re: Limiting access to /admin path
Posted by Jesús Roca <xe...@gmail.com>.
Yes, it works!
Thanks a lot!
On Fri, Feb 28, 2020, 20:15, Oakley, Craig (NIH/NLM/NCBI) [C]
<cr...@nih.gov.invalid> wrote:
> I have found that for admin commands you may need to include
> "collection":null
> {
> "name":"admin-info-system2",
> "path":"/admin/*",
> "collection":null,
> "role":"*"}
RE: Limiting access to /admin path
Posted by "Oakley, Craig (NIH/NLM/NCBI) [C]" <cr...@nih.gov.INVALID>.
I have found that for admin commands you may need to include "collection":null
  {
    "name":"admin-info-system2",
    "path":"/admin/*",
    "collection":null,
    "role":"*"}
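Added example, not part of either poster's message: a small check that scans a security.json for custom permissions on /admin paths that lack an explicit "collection":null, which is the change reported to work in this thread, and produces the corrected permission list. The function names and the surrounding security.json skeleton are assumptions made for illustration, and treating every path that starts with /admin as non-collection-specific is a heuristic.

```python
import json

# Constructed sample: the two custom permissions from the question, placed in
# a security.json skeleton with blockUnknown left at false.
SAMPLE_SECURITY_JSON = """
{
  "authentication": {"class": "solr.BasicAuthPlugin", "blockUnknown": false},
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [
      {"name": "admin-info-system1", "path": "/select/*", "role": "*"},
      {"name": "admin-info-system2", "path": "/admin/*", "role": "*"}
    ]
  }
}
"""

def needs_null_collection(perm):
    """True for a custom permission on an /admin path without "collection": null."""
    paths = perm.get("path") or []
    if isinstance(paths, str):          # "path" may be one string or a list
        paths = [paths]
    on_admin = any(p.startswith("/admin") for p in paths)
    # A missing key is not the same as an explicit null, so check both.
    explicit_null = "collection" in perm and perm["collection"] is None
    return on_admin and not explicit_null

def unscoped_admin_permissions(security):
    """Names of the permissions that needs_null_collection() flags."""
    perms = security.get("authorization", {}).get("permissions", [])
    return [p.get("name", "<unnamed>") for p in perms if needs_null_collection(p)]

def apply_fix(security):
    """Return a deep copy with "collection": null added to flagged permissions."""
    fixed = json.loads(json.dumps(security))
    for perm in fixed.get("authorization", {}).get("permissions", []):
        if needs_null_collection(perm):
            perm["collection"] = None
    return fixed

if __name__ == "__main__":
    config = json.loads(SAMPLE_SECURITY_JSON)
    print("flagged before fix:", unscoped_admin_permissions(config))
    fixed = apply_fix(config)
    print("flagged after fix: ", unscoped_admin_permissions(fixed))
    print(json.dumps(fixed["authorization"]["permissions"], indent=2))
```

After changing the live configuration, an unauthenticated request to /admin/info/system is the behaviour to re-test, since that is the request the original post reports as still getting through.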