Restrict Solr Admin Access

  •        0
  

Solr is a search engine built on top of Lucene. It supports REST interface and has lot of built-in capabilities. Solr package has Admin UI interface which has support to perform query and even delete the contents of the index. If you are using Solr in production then you may need to restrict access. I saw couple of questions in the group related to this topic. Thought to write an article explaining few tips to restrict the user access to Solr admin UI.

Below are the tips to restrict access to the Solr admin UI but Solr clients will work as usual. This is with respect to Tomcat.

Simple method: This method helps to restrict the access but administrator could access the UI.

  1. Rename or remove index.jsp
  2. Rename admin folder to some other name, say admin-xyz
  3. Access the admin UI using http://localhost/solr/admin-xyz
Restrict access to all users: Copy the below xml and paste it in web.xml available under . This will restrict access to all users including administrator. <security-constraint>
 <web-resource-collection>
 <web-resource-name>
  Restrict access to Solr admin
</web-resource-name>
 <url-pattern>/admin/*</url-pattern>
 <http-method>DELETE</http-method>
 <http-method>GET</http-method>
 <http-method>POST</http-method>
 <http-method>PUT</http-method>
 </web-resource-collection>
 <auth-constraint />
 <user-data-constraint>
 <transport-guarantee>NONE</transport-guarantee>
 </user-data-constraint>
</security-constraint>

Restrict access, but allow privileged user: Sometimes we may need to restrict access to normal users but administrator might want to access the admin interface. In this case, Add username and password information to tomcat-users.xml and do the below change to get access to the privileged user.
Add user information to tomcat-users.xml <user username="admin" password="new-password" roles="admin, manager"/> Add below xml to web.xml <security-constraint>
 <web-resource-collection>
 <web-resource-name>
  Restrict access to Solr admin
</web-resource-name>
 <url-pattern>/admin/*</url-pattern>
 <http-method>DELETE</http-method>
 <http-method>GET</http-method>
 <http-method>POST</http-method>
 <http-method>PUT</http-method>
 </web-resource-collection>
 <auth-constraint >
 <role-name>manager</role-name>  </auth-constraint>  <user-data-constraint>
 <transport-guarantee>NONE</transport-guarantee>
 </user-data-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
<realm-name>default</realm-name>
</login-config>
Conclusion: If you are using Solr in production then better remove the admin folder and don't package it. In case there is any issue, there are sufficient logs to analyze it.


   

comments powered by Disqus


Related Articles

8 Best Open Source Searchengines built on top of Lucene

  • lucene solr searchengine elasticsearch

Lucene is most powerful and widely used Search engine. Here is the list of 7 search engines which is built on top of Lucene. You could imagine how powerful they are.

Read More


Solr vs Elastic Search

  • full-text-search search-engine lucene solr elastic-search

Solr and Elastic Search are built on top of Lucene. Both are open source and both have extra features which makes programmer life easy. This article explains the difference and the best situation to choose between them.

Read More


Why require Searchengine? Why not use database for full text search in Enterprise application.

  • searchengine database

Most of the database has support of full text search, basically indexing and saarching. MySQL, Oracle and many more databases has in-built full text search. Then what is the need to go for external search engine like Lucene, Sphinx, Solr etc. Check out the advantage of using Searchengine.

Read More


Lucene Vs Solr

  • searchengine lucene solr

Lucene is a search library built in Java. Solr is a web application built on top of Lucene. Certainly Solr = Lucene + Added features. Often there would a question, when to choose Solr and when to choose Lucene.

Read More


An introduction to LucidWorks Enterprise Search

  • lucene solr search engine enterprise

Lucidworks Enterprise search solution is built on top of Apache Solr. It scales seamlessly w/sub-second response times under extreme query loads for multi-billion document collections. It has user friendly UI, which does all the job of configuration and search.

Read More


Lucene / Solr as NoSQL database

  • lucene solr no-sql nosql document-store

Lucene and Solr are most popular and widely used search engine. It indexes the content and delivers the search result faster. It has all capabilities of NoSQL database. This article describes about its pros and cons.

Read More


Top 15 Open source alternative to Microsoft products

  • microsoft-alternative open-source-enterprise

Microsoft is monopoly in the commercial software. Here are 15 best alternatives to most popular and widely used Microsoft products.

Read More


Whats new in Lucene / Solr 4.0

  • lucene solr new-release

The release 4.0 is one of the important milestone for Lucene and Solr. It has lot of new features and performance important. Few important ones are highliggted in this article.

Read More


How to make money from Open Source

  • opensource how-to money

As open source getting popular day by day, many have questions like How to make money from Open Source? Lot more products are getting introduced and don't know who is making money. Certainly open source means, give the product and source for free then how to make money? Yes sell the product for free but get paid for its services.

Read More


How to create SEO friendly url

  • seo url searchengine

SEO friendly URL is recommended for any website which wants to be indexed and wants its presence in search results. Searchengine mostly index the static URL. It will avoid the URL which has lot of query strings. Almost all websites generate content dynamically then how could the URL be static. That is the job of the programmer.

Read More