: requestHandlers are those that are active on default. I think the gist of
: what you're saying is go through my solrconfig.xml file and secure any paths
: that seem like they should be "admin" only? We are not really concerned

correct.

: about security so much as just making sure the average user cannot mess
: anything up. Users should only be able to search and retrieve xml
: responses from solr and admins should be able to do everything and
: anything else.

sure ... but if your "users" are people who can hit the solr app directly,
and if you are planning to block access to "/update" that implies that you
are worried about them *trying* to update -- in which case you should also
block /select?qt=/update because they could use that to update as well (it
doesn't matter if there are no links to that URL anywhere, there are no
links to /update either -- but evidently you are worried about your users
constructing that URL as well)

: > : BASIC Tomcat. Essentially I want users to only be able to /select/* and
: > : admins to be able to do everything else. Right now I am checking for
: > :
: > : /select/* - Users
: > : /admin/* - Admin
: > : /update/* - Admin
: > :
: > : Are there other url strings I should be protecting?
: > : (This was unclear to me in the documentation)
: >
: > in general it depends on what requestHandlers you have configured in your
: > solrconfig.xml ... if you have an instance of the ExtractingRequestHandler
: > configured with the path "/extract/stuff" then you'll probably want to
: > protect that as well. In particular you may want to block users from
: > accessing /replication (but then you'll need to give special access to
: > the slave machines so they can query the master)
: >
: > You should also watch out for the "qt" param when using the special
: > "/select" path. I would suggest that you just block user access to
: > /select, and use specific paths for accessing handlers directly (ie
: > /search, /dismax, etc...)
: >
: >
: > -Hoss
: >
: >
: > ---------------------------------------------------------------------
: > To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
: > For additional commands, e-mail: dev-h...@lucene.apache.org
: >

-Hoss
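As an added example (not from the thread or the Solr project), a Tomcat web.xml fragment that puts the poster's three constraints beside a set that follows Hoss's advice: users lose /select entirely, so the qt parameter cannot route them to another handler, and get a dedicated /search handler instead. The role names, the "/search" handler path and a single-core layout (handler paths directly under the webapp context) are assumptions; login-config and security-role declarations are omitted.

```xml
<!-- web.xml, WEAK: the three constraints from the thread. url-pattern
     matching ignores the query string, so /select?qt=/update matches only
     /select/* and a "user" account reaches the update handler. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>select</web-resource-name>
    <url-pattern>/select/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>user</role-name><role-name>admin</role-name></auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>admin and update</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
    <url-pattern>/update/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>admin</role-name></auth-constraint>
</security-constraint>

<!-- web.xml, CORRECTED: deny by default. Everything under the context
     (/select, /admin, /update, /replication, any handler added later)
     needs the admin role; only the dedicated search path is opened to
     users. Tomcat applies the longest matching url-pattern, so /search/*
     takes precedence over /*. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>everything</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>admin</role-name></auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>user search</web-resource-name>
    <url-pattern>/search/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>user</role-name><role-name>admin</role-name></auth-constraint>
</security-constraint>

<!-- solrconfig.xml: the dedicated handler users are allowed to hit, so they
     never need /select (the "/search" name is an assumption). -->
<requestHandler name="/search" class="solr.SearchHandler" />
```

Any new requestHandler path added to solrconfig.xml later is admin-only under the corrected set until a constraint explicitly opens it, which is the safer default for the "users can hit the app directly" case Hoss describes.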