Solr authentication possible? (or apache port authentication would also work)
Currently anybody can access the solr admin page by going to my_ip:8983/solr
I can't have it like that, so how can I make it prompt for password or something?
I have set up my server's apache2.conf file to prompt for password whenever my site is accessed by www.mydomain.com.
But when using another port, the "require password" won't show up.
Any ideas how to secure this?
Don't point me to the SolrSecurity wiki because it's simply too outdated. I have tried it without luck.
Thanks
Okay, this might be a bit long winded since the original poster doesn't know about network interfaces, so here we go...
Network interfaces
Computers which are connected to a network usually feature a concept of a network interface, which is an abstraction that combines IP configuration data (address, netmask, DNS servers, etc) to a hardware device that talks to the network (your ethernet card, your wifi card, whatever).
Additionally, you would have something called a loopback interface - a virtual interface that is something like your computer's ability to talk to itself :) Modern systems usually come with a loopback interface that is configured with an IP address of 127.0.0.1. This allows your computer to pretend to be networked even if it isn't, making some internal operations more generic.
Now, when you start a networked application, you usually need to tell it which interface to use, or in some applications' lingo "which address to bind to." Apache, for example, uses the listen directive for this. Go read up on it.
How interfaces relate to availability
Let's say that your Apache server is listening on an interface which is configured with a public, Internet IP address... anyone in the world will be able to reach whatever that Apache is serving via the IP address, or via a DNS name which resolves to that address...
That's generally what is currently happening to your solr instance.
Now, the important point about the loopback interface is that the stuff that is bound to the local interface is only reachable from that computer. I think you can see where we are going.
The solution
The solution would be as follows:
Configure solr to accept requests (or whatever it does) only via the loopback interface. You'll probably need to change some parameter such as "listen to," "bind" or something of the kind.
Configure Apache to reverse proxy the requests it receives on the public interface to solr.
Make Apache authorize requests by something like basic HTTP authentication.
If you are still stuck after this, ask on, and I can go into details, though I don't have any solr experience.
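Steps 2 and 3 of the solution above written out as an Apache configuration fragment. This is an added example, not part of the original answer. It assumes Solr has already been bound to 127.0.0.1:8983 (step 1), that mod_proxy, mod_proxy_http and mod_auth_basic are enabled, and it uses a hypothetical password file path.

```apache
# Added example; not from the original answer.
# Assumption: Solr already listens on 127.0.0.1:8983 only (step 1). That
# setting lives in Solr's servlet container, not in Apache.

# Keep forward proxying off; only the reverse mapping below is used.
ProxyRequests Off

<Location "/solr">
    # Step 2: hand requests that arrive on the public interface to the
    # loopback-only Solr listener.
    ProxyPass        "http://127.0.0.1:8983/solr"
    ProxyPassReverse "http://127.0.0.1:8983/solr"

    # Step 3: require HTTP basic authentication before anything is proxied.
    # Basic auth sends the password base64-encoded, not encrypted, so this
    # location should be served from an HTTPS virtual host.
    AuthType Basic
    AuthName "Solr"
    # Hypothetical path; create the file with: htpasswd -c <file> <user>
    AuthUserFile "/etc/apache2/solr.htpasswd"
    Require valid-user
</Location>
```

With this in place, a request to /solr without credentials should get a 401 from Apache, and port 8983 should no longer answer connections from other hosts.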
I am not an expert in this area. I only needed this for myself. In the web.xml of the app or of tomcat/conf/web.xml do what is described here:
http://www.alexxoid.com/blog/linux/restrict-access-tomcat-web-app.html
While doing this, I found the following links useful to set it up:
http://oreilly.com/java/archive/tomcat-tips.html
http://www.unidata.ucar.edu/projects/THREDDS/tech/reference/RestrictedAccess.html
http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html
Tip: Instead of Proxy one can use mod_jk which should be faster