Thanks for the response. I am using the most basic Solr Installation so I imagine the only requestHandlers are those that are active on default. I think the gist of what your saying is go through my solrconfig.xml file and secure any paths that seem like they should be "admin" only? We are not really concerned about security so much as just making sure the average user cannot mess anything up. Users should only be able to search and retrieve xml responses from solr and admins should be able to do everything and anything else.
Thank you for your time, ~Matt > > : BASIC Tomcat. Essentially I want users to only be able to /select/* and > : admins to be able to do everything else. Right now I am checking for > : > : /select/* - Users > : /admin/* - Admin > : /update/* - Admin > : > : Are there other url strings I should be protecting? > : (This was unclear to me in the documentation) > > in general it depends on what requestHandlers you have configured in your > solrconfig.xml ... if you have an instance of the ExtractinRequestHandler > configured with the path "/extract/stuff" then you'll probably want to > protect that as well. In particular you may want to block users from > accessing /replication (but then if you'll need to give special access to > the slave machines so they can query the master) > > You should also watch out for the "qt" param when using the special > "/select" path. I would suggest that you just block user access > /select, and use specific paths for accessing handlers directly (ie > /search, /dismax, etc...) > > > -Hoss > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org > For additional commands, e-mail: dev-h...@lucene.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
