On Fri, Sep 07, 2012 at 08:50:58AM +0200, Paul Libbrecht wrote: > Erick, > > I think that should be described differently... > You need to set-up protected access for some paths. > /update is one of them. > And you could make this protected at the jetty level or using Apache proxies > and rewrites.
So you'd advise always putting an Apache in front of Jetty? > Probably /select should be kept open As far as I understand [1], it's better to close /select (because you can easily make an admin or update out of it, by e.g. doing a /select?qt=/admin or /select?qt=/update) > but you need to evaluate if that can get > you > in DoS attacks if there are too big selects. If that is the case, you're left > to > programme an interface all by yourself which limits and fetches from solr, or > which > lives inside solr (a query component) and throws if things are too big. [1] <http://wiki.apache.org/solr/SolrSecurity#Path_Based_Authentication> Regads -- Tomás Zerolo Axel Springer AG Axel Springer media Systems BILD Produktionssysteme Axel-Springer-Straße 65 10888 Berlin Tel.: +49 (30) 2591-72875 tomas.zer...@axelspringer.de www.axelspringer.de Axel Springer AG, Sitz Berlin, Amtsgericht Charlottenburg, HRB 4998 Vorsitzender des Aufsichtsrats: Dr. Giuseppe Vita Vorstand: Dr. Mathias Döpfner (Vorsitzender) Jan Bayer, Ralph Büchi, Lothar Lanz, Dr. Andreas Wiele
