[
https://issues.apache.org/jira/browse/SOLR-13985?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16992776#comment-16992776
]
Jan Høydahl commented on SOLR-13985:
------------------------------------
Should we name the SOLR_JETTY_HOST something else, such as SOLR_BIND_HOST or
SOLR_BIND_IP? I like how Elasticsearch accepts special values {{_en0_}},
{{_local_}}, {{_site_}} and {{_global_}} as an alternative to knowing the IP
address up front. You may only know the hostname, but such convenience settings
could come later.
In your patch you still have 0.0.0.0 set in one of the solr.in files.
You have duplicated the same paragraphs in securing-solr.adoc and
taking-solr-to-production.adoc.
> bind to localhost by default
> ----------------------------
>
> Key: SOLR-13985
> URL: https://issues.apache.org/jira/browse/SOLR-13985
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Robert Muir
> Assignee: Jason Gerlowski
> Priority: Major
> Attachments: SOLR-13985.patch, SOLR-13985.patch
>
>
> Currently solr binds to all interfaces by default.
> The default should be safer, so that e.g. the user is not exposed to the
> internet until they make an explicit step to do so.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
