Dear Wiki user, You have subscribed to a wiki page or wiki category on "Solr Wiki" for change notification.
The "SolrSecurity" page has been changed by JanHoydahl: http://wiki.apache.org/solr/SolrSecurity?action=diff&rev1=32&rev2=33 Comment: Info about proxy First and foremost, Solr does not concern itself with security either at the document level or the communication level. It is strongly recommended that the application server containing Solr be firewalled such the only clients with access to Solr are your own. A default/example installation of Solr allows any client with access to it to add, update, and delete documents (and of course search/read too), including access to the Solr configuration and schema files and the administrative user interface. - Besides limiting port access to the Solr server, standard Java web security can be added by tuning the container and the Solr web application configuration itself via web.xml. For example, all /update URLs could require HTTP authentication. + Besides limiting port access to the Solr server, standard Java web security can be added by tuning the container and the Solr web application configuration itself via web.xml. For example, all /update URLs could require HTTP authentication. + + If there is a need to provide query access to a Solr server from the open internet, it is highly recommended to use a proxy, such as [[https://github.com/evolvingweb/ajax-solr/wiki/Solr-proxies|one of these]]. <<TableOfContents>>
