[lucene-solr] branch branch_8x updated: SOLR-14144: add IP-based access control to securing solr page

[rm...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

rmuir pushed a commit to branch branch_8x
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git


The following commit(s) were added to refs/heads/branch_8x by this push:
     new 7feba46  SOLR-14144: add IP-based access control to securing solr page
7feba46 is described below

commit 7feba46a6f2e8aefc1c513771128a07aa2624d8e
Author: Robert Muir <rm...@apache.org>
AuthorDate: Tue Dec 24 07:55:42 2019 -0800

    SOLR-14144: add IP-based access control to securing solr page
---
 solr/solr-ref-guide/src/securing-solr.adoc | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/solr/solr-ref-guide/src/securing-solr.adoc b/solr/solr-ref-guide/src/securing-solr.adoc
index 06bbd3f..5902941 100644
--- a/solr/solr-ref-guide/src/securing-solr.adoc
+++ b/solr/solr-ref-guide/src/securing-solr.adoc
@@ -62,6 +62,18 @@ Audit logging will record an audit trail of incoming reqests to your cluster, su
 
 Solr can optionally log every incoming HTTP(s) request in the standard https://en.wikipedia.org/wiki/Common_Log_Format[`NCSA format`]. You can enable request logging by setting `SOLR_REQUESTLOG_ENABLED=true` via environment variable or in `solr.in.sh`/`solr.in.cmd`.
 
+== Enable IP Access Control
+
+Restrict network access to specific hosts, by setting `SOLR_IP_WHITELIST`/`SOLR_IP_BLACKLIST` via environment variables or in `solr.in.sh`/`solr.in.cmd`.
+
+[source,bash]
+----
+# Allow IPv4/IPv6 localhost, the 192.168.0.x IPv4 network, and 2000:123:4:5:: IPv6 network.
+SOLR_IP_WHITELIST="127.0.0.1, [::1], 192.168.0.0/24, [2000:123:4:5::]/64"
+# Explicitly deny access to two problematic hosts.
+SOLR_IP_BLACKLIST="192.168.0.3, 192.168.0.4"
+----
+
 == Securing ZooKeeper Traffic
 
 ZooKeeper is a central and important part of a SolrCloud cluster and understanding how to secure