Thanks for the quick response, I'll look into this a bit more and see what I can do.

~Matt

> : requestHandlers are those that are active on default. I think the gist of
> : what you're saying is go through my solrconfig.xml file and secure any paths
> : that seem like they should be "admin" only? We are not really concerned
>
> correct.
>
> : about security so much as just making sure the average user cannot mess
> : anything up. Users should only be able to search and retrieve xml
> : responses from solr and admins should be able to do everything and
> : anything else.
>
> sure ... but if your "users" are people who can hit the solr app directly,
> and if you are planning to block access to "/update" that implies that you
> are worried about them *trying* to update -- in which case you should also
> block /select?qt=/update because they could use that to update as well
> (it doesn't matter if there are no links to that URL anywhere, there are
> no links to /update either -- but evidently you are worried about your
> users constructing that URL as well)
>
> : > : BASIC Tomcat. Essentially I want users to only be able to /select/* and
> : > : admins to be able to do everything else. Right now I am checking for
> : > :
> : > : /select/* - Users
> : > : /admin/* - Admin
> : > : /update/* - Admin
> : > :
> : > : Are there other url strings I should be protecting?
> : > : (This was unclear to me in the documentation)
> : >
> : > in general it depends on what requestHandlers you have configured in your
> : > solrconfig.xml ... if you have an instance of the ExtractingRequestHandler
> : > configured with the path "/extract/stuff" then you'll probably want to
> : > protect that as well. In particular you may want to block users from
> : > accessing /replication (but then if you'll need to give special access to
> : > the slave machines so they can query the master)
> : >
> : > You should also watch out for the "qt" param when using the special
> : > "/select" path. I would suggest that you just block user access to
> : > /select, and use specific paths for accessing handlers directly (ie
> : > /search, /dismax, etc...)
> : >
> : > -Hoss
>
> -Hoss

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
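
Added example, not part of the original thread: a small policy check that contrasts the path-prefix rules listed above with a default-deny allow-list, so the /select?qt=/update gap shows up when both are run over the same requests. The context path "/solr", the handler names in USER_HANDLERS and the sample URLs are assumptions made for illustration.

```python
import posixpath
from urllib.parse import parse_qs, unquote, urlsplit

CONTEXT = "/solr"                        # assumed webapp context path
ADMIN_PREFIXES = ("/admin", "/update")   # the two admin rules listed in the thread
USER_HANDLERS = {"/search", "/dismax"}   # assumed names; use the paths in your solrconfig.xml

def naive_user_allowed(url):
    """Path-prefix rule from the thread: users get everything outside /admin and /update."""
    handler = urlsplit(url).path[len(CONTEXT):]
    return not handler.startswith(ADMIN_PREFIXES)

def strict_user_allowed(url, allow_select=False):
    """Default deny: users reach only allow-listed handlers; /select is off unless opted in."""
    parts = urlsplit(url)
    # Compare the decoded, normalised path rather than the raw request string.
    path = posixpath.normpath(unquote(parts.path))
    if not path.startswith(CONTEXT + "/"):
        return False
    handler = path[len(CONTEXT):]
    if handler in USER_HANDLERS:
        return True
    if handler == "/select" and allow_select:
        # As the thread notes, qt on /select can name another handler, so a
        # user request on /select may not carry that parameter at all.
        return "qt" not in parse_qs(parts.query, keep_blank_values=True)
    return False

# Constructed sample requests (not taken from any real log).
SAMPLES = [
    "/solr/search?q=title:foo",
    "/solr/select?q=*:*",
    "/solr/select?qt=/update",
    "/solr/select?q=*:*&qt=%2Fupdate",
    "/solr/replication",
    "/solr/update",
]

def policy_gaps(urls, allow_select=False):
    """Requests the path-prefix rules let a user make but the allow-list refuses."""
    return [u for u in urls
            if naive_user_allowed(u) and not strict_user_allowed(u, allow_select)]

if __name__ == "__main__":
    for url in policy_gaps(SAMPLES, allow_select=True):
        print("allowed by prefix rules, denied by allow-list:", url)
```

The same default-deny shape carries over to a Tomcat security-constraint or a front-end proxy rule: list the handlers users need and treat every other path, /select included, as admin-only.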
