Secure Solr Instance

Secure Solr Instance

Kuldeep Sharma
Hi,

We are running a Solr instance using the dataimport handler. Now, when we access the Solr UI, it shows all configuration details (e.g. all DB details, including credentials) after clicking on the dataimport tab available on the left side.

I have tried to protect this Solr webapp, which is deployed on JBoss. But after this, search is not working, as it's asking for credentials and we have defined this URL within the search application.

Can you please help me out with securing the Solr instance running on the Prod env?

------------------------
Best Regards,
Kuldeep Sharma



::DISCLAIMER::
----------------------------------------------------------------------------------------------------------------------------------------------------

The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only.
E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted,
lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents
(with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates.
Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the
views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification,
distribution and / or publication of this message without the prior written consent of authorized representative of
HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately.
Before opening any email and/or attachments, please check them for viruses and other defects.

----------------------------------------------------------------------------------------------------------------------------------------------------

Re: Secure Solr Instance

Ted Dunning
Put a web tier in front of Solr.  Always.




On Wed, Aug 21, 2013 at 2:56 AM, Kuldeep Sharma <[hidden email]> wrote:

> Hi,
>
> We are running a Solr instance using the dataimport handler. Now, when we
> access the Solr UI, it shows all configuration details (e.g. all DB details,
> including credentials) after clicking on the dataimport tab available on
> the left side.
>
> I have tried to protect this Solr webapp, which is deployed on JBoss. But
> after this, search is not working, as it's asking for credentials and we
> have defined this URL within the search application.
>
> Can you please help me out with securing the Solr instance running on the Prod env?
>
> ------------------------
> Best Regards,
> Kuldeep Sharma

RE: Secure Solr Instance

Kuldeep Sharma
Hey Ted,

Can you please elaborate with an example?

--------------------------
Regards,
Kuldeep Sharma

---------------------------------------------------------------------------------------
Regards,
Kuldeep Sharma|  IT Enterprise  |  McDonald's Corporation
Mobile:  +91-9560624333 |mailto: [hidden email]


-----Original Message-----
From: Ted Dunning [mailto:[hidden email]]
Sent: Wednesday, August 21, 2013 5:28 AM
To: [hidden email]
Subject: Re: Secure Solr Instance

Put a web tier in front of Solr.  Always.




On Wed, Aug 21, 2013 at 2:56 AM, Kuldeep Sharma <[hidden email]> wrote:

> Hi,
>
> We are running a Solr instance using the dataimport handler. Now, when we
> access the Solr UI, it shows all configuration details (e.g. all DB details,
> including credentials) after clicking on the dataimport tab available on
> the left side.
>
> I have tried to protect this Solr webapp, which is deployed on JBoss. But
> after this, search is not working, as it's asking for credentials and we
> have defined this URL within the search application.
>
> Can you please help me out with securing the Solr instance running on the Prod env?
>
> ------------------------
> Best Regards,
> Kuldeep Sharma

Re: Secure Solr Instance

Ted Dunning
No.

This is totally simple.

Just define your service end points on your web tier.

These should forward requests to the Solr server (which should not itself
be otherwise accessible).

If you have the capability for layer 7 filtering between the web and Solr
tiers you can add limits on which URLs can be touched by the web tier.
You can probably do this pretty easily using Apache configs.

There isn't much else to say.  It is dead easy.

On Wed, Aug 21, 2013 at 3:34 AM, Kuldeep Sharma <[hidden email]> wrote:

> Hey Ted,
>
> Can you please elaborate with an example?
>
>
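
An illustration of the web-tier setup described in the message above, added here as an example and not posted by anyone in the thread. It assumes Apache httpd 2.4 with mod_proxy, mod_proxy_http and mod_rewrite loaded; the host names, the port and the core name `products` are placeholders.

```apache
# Added example: reverse proxy that exposes one Solr search handler only.
# Assumed names: search.example.com (web tier), solr-internal.example.com
# (Solr host), core "products". Replace with your own values.
#
# The Solr host itself must accept connections only from this web tier
# (firewall rule or bind address), so this proxy is the only way in.

<VirtualHost *:80>
    ServerName search.example.com

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    # Default for every path: refuse. This covers the admin UI and the
    # dataimport page, because nothing forwards them to Solr.
    <Location "/">
        Require all denied
    </Location>

    # The single service end point: the select (search) handler.
    # Later <Location> sections override earlier ones, so this grant
    # applies to this path and nothing else.
    <Location "/solr/products/select">
        Require all granted
        ProxyPass "http://solr-internal.example.com:8983/solr/products/select"
        ProxyPassReverse "http://solr-internal.example.com:8983/solr/products/select"
    </Location>

    # Layer 7 filtering on parameters as well as paths: refuse requests
    # carrying parameters that pick a different request handler (qt),
    # send the query to other hosts (shards) or make Solr read remote
    # or local content (stream.*).
    RewriteEngine On
    RewriteCond %{QUERY_STRING} (^|&)(qt|shards|stream\.[a-z]+)= [NC]
    RewriteRule ^ - [F]
</VirtualHost>
```

The parameter filter matches the raw query string, so treat it as a backstop; having the search application build the Solr query server-side from validated user input is the stronger control.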

Re: Secure Solr Instance

Jan Høydahl / Cominvent
Also see e.g. https://github.com/evolvingweb/ajax-solr/wiki/Solr-proxies for a list of proxies in case you need to expose low-level API access to Solr from the outside, e.g. from JS clients.

--
Jan Høydahl, search solution architect
Cominvent AS - www.cominvent.com

On 21 Aug 2013, at 12:44, Ted Dunning <[hidden email]> wrote:

> No.
>
> This is totally simple.
>
> Just define your service end points on your web tier.
>
> These should forward requests to the Solr server (which should not itself
> be otherwise accessible).
>
> If you have the capability for layer 7 filtering between the web and Solr
> tiers you can add limits on which URLs can be touched by the web tier.
> You can probably do this pretty easily using Apache configs.
>
> There isn't much else to say.  It is dead easy.
>
> On Wed, Aug 21, 2013 at 3:34 AM, Kuldeep Sharma <[hidden email]> wrote:
>
>> Hey Ted,
>>
>> Can you please elaborate with an example?
>>
>>


RE: Secure Solr Instance

Kuldeep Sharma
In reply to this post by Ted Dunning
Hi Ted,

It would be really helpful if you could share any document or link about the below.

---------------------------------------------------------------------------------------
Regards,
Kuldeep Sharma

-----Original Message-----
From: Ted Dunning [mailto:[hidden email]]
Sent: Wednesday, August 21, 2013 5:44 AM
To: [hidden email]
Subject: Re: Secure Solr Instance

No.

This is totally simple.

Just define your service end points on your web tier.

These should forward requests to the Solr server (which should not itself be otherwise accessible).

If you have the capability for layer 7 filtering between the web and Solr tiers you can add limits on which URLs can be touched by the web tier.
You can probably do this pretty easily using Apache configs.

There isn't much else to say.  It is dead easy.

On Wed, Aug 21, 2013 at 3:34 AM, Kuldeep Sharma <[hidden email]> wrote:

> Hey Ted,
>
> Can you please elaborate with an example?
>
>


Re: Secure Solr Instance

rulinma
In reply to this post by Kuldeep Sharma
I also want to expose it to the web, but my boss does not agree.
I think it can be done.
mark.