You are viewing a plain text version of this content. The canonical link for it is here.
Posted to solr-user@lucene.apache.org by Spadez <ja...@hotmail.com> on 2012/04/10 17:10:42 UTC
Securing Solr under Tomcat - IP best way?
Hi,
I’m in the process of working how to configure and secure my server running
Nginx, and Nutch and Solr under Tomcat. Is the best security practice for
securing Solr under Tomcat simply to only allow requests only from
127.0.0.1. This way Solr isn’t exposed to the outside world and is only
compromised when the server is hacked, at which point I’m buggered anyway?
I’d appreciate your input on this because there seems to be a diverse range
of opinions on this.
Regards,
James
--
View this message in context: http://lucene.472066.n3.nabble.com/Securing-Solr-under-Tomcat-IP-best-way-tp3899929p3899929.html
Sent from the Solr - User mailing list archive at Nabble.com.
Re: Securing Solr under Tomcat - IP best way?
Posted by Markus Jelsma <ma...@openindex.io>.
Accept only what you need (ports incoming/outgoing) for specific
trusted clients. Decide for protocols such as ICMP, DNS, NTP, SSH and of
course HTTP and drop all other coming in and reject going out. Beyond
this you can also configure some protection for bad packets.
There are plenty of guides and examples to learn from.
But i would like to add that it's a good idea to set up a cron script
that disables the firewall rules in case you lock yourself out, it will
happen!
On Tue, 10 Apr 2012 08:54:00 -0700 (PDT), Spadez
<ja...@hotmail.com> wrote:
> Thank you for the reply. I hate to take more of peoples time but can
> anyone
> elaborate more on the kind of firewall rules I should be looking at?
>
> --
> View this message in context:
>
> http://lucene.472066.n3.nabble.com/Securing-Solr-under-Tomcat-IP-best-way-tp3899929p3900040.html
> Sent from the Solr - User mailing list archive at Nabble.com.
--
Re: Securing Solr under Tomcat - IP best way?
Posted by Spadez <ja...@hotmail.com>.
Thank you for the reply. I hate to take more of peoples time but can anyone
elaborate more on the kind of firewall rules I should be looking at?
--
View this message in context: http://lucene.472066.n3.nabble.com/Securing-Solr-under-Tomcat-IP-best-way-tp3899929p3900040.html
Sent from the Solr - User mailing list archive at Nabble.com.
Re: Securing Solr under Tomcat - IP best way?
Posted by Markus Jelsma <ma...@openindex.io>.
Hi,
I'd certainly add firewall rules. In some cases also HTTP Auth. Nutch can
authenticate to Solr so that's no problem.
Cheers
On Tuesday 10 April 2012 17:10:42 Spadez wrote:
> Hi,
>
> I’m in the process of working how to configure and secure my server running
> Nginx, and Nutch and Solr under Tomcat. Is the best security practice for
> securing Solr under Tomcat simply to only allow requests only from
> 127.0.0.1. This way Solr isn’t exposed to the outside world and is only
> compromised when the server is hacked, at which point I’m buggered anyway?
>
> I’d appreciate your input on this because there seems to be a diverse range
> of opinions on this.
>
> Regards,
>
> James
>
>
> --
> View this message in context:
> http://lucene.472066.n3.nabble.com/Securing-Solr-under-Tomcat-IP-best-way-
> tp3899929p3899929.html Sent from the Solr - User mailing list archive at
> Nabble.com.
--
Markus Jelsma - CTO - Openindex