How to disable solr admin page

For production, it is not safe to have solr admin, which does not even ask for credentials. How to disable the default solr admin page? I just want my webapp to use Solr to index the search term.

+7
4 answers

I highly recommend saving the administration page for debugging purposes. It saved me in many cases. There are ways to limit it to only authenticated HTTP users: http://wiki.apache.org/solr/SolrSecurity#Jetty_example. You may need to unzip and re-dock your website.

However, if you still want to disable the entire admin section, you can comment out the adminHandler request in ${SOLR_HOME}/project/solr/conf/solrconfig.xml.

+10

You can password protect your admin page by simply adding a security restriction to the Solr web application.

Fragment for Solr 3.6:

    <security-constraint>
      <!-- This protects your admin interface and grants access to role Solr-Admin -->
      <web-resource-collection>
        <web-resource-name>Solr admin</web-resource-name>
        <!--url-pattern>/admin/*</url-pattern-->
        <url-pattern>/evu/admin/*</url-pattern>
        <url-pattern>/webcrawl/admin/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>Solr-Admin</role-name>
      </auth-constraint>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

    <security-constraint>
      <!-- This protects your update handlers and grants access to roles Solr-Admin and Solr-Update -->
      <web-resource-collection>
        <web-resource-name>Solr Update</web-resource-name>
        <url-pattern>/update/*</url-pattern>
        <url-pattern>/evu/update/*</url-pattern>
        <url-pattern>/webcrawl/update/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>Solr-Admin</role-name>
        <role-name>Solr-Update</role-name>
      </auth-constraint>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

    <security-constraint>
      <!-- This one is necessary to show the image on the Solr start page -->
      <web-resource-collection>
        <web-resource-name>Solr Admin images</web-resource-name>
        <url-pattern>*.png</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>*</role-name>
      </auth-constraint>
    </security-constraint>

    <security-role>
      <description>The role that is required to administer Solr</description>
      <role-name>Solr-Admin</role-name>
    </security-role>
    <security-role>
      <description>The role that is required to update the Solr index</description>
      <role-name>Solr-Update</role-name>
    </security-role>

    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>Solr</realm-name>
    </login-config>
    </web-app>

In Solr 4, you need to protect the following resources for the admin interface:

    /admin/*
    /admin.html

+2
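An added example (not part of the answers above and not Solr's own code): a Python check that lists which URL patterns in a web.xml actually sit under an auth-constraint, so a misspelled element or a missing Solr 4 pattern is caught before deployment. The sample descriptor is constructed, and patterns are compared as literal strings rather than with servlet matching rules.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.xml, not from the page. The second constraint
# misspells <auth-constraint>, so it carries no effective auth rule.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Solr admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>Solr-Admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Solr Update</web-resource-name>
      <url-pattern>/update/*</url-pattern>
    </web-resource-collection>
    <auth-contraint><role-name>Solr-Update</role-name></auth-contraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""


def local(tag):
    """Drop an XML namespace prefix so descriptors with xmlns also work."""
    return tag.rsplit("}", 1)[-1]


def protected_patterns(web_xml):
    """Map each url-pattern to the roles of its correctly spelled auth-constraint."""
    result = {}
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        acs = [c for c in sc if local(c.tag) == "auth-constraint"]
        if not acs:
            continue  # no auth-constraint element: the container requires no login
        roles = {r.text.strip() for ac in acs for r in ac
                 if local(r.tag) == "role-name" and r.text}
        for el in sc.iter():
            if local(el.tag) == "url-pattern" and el.text:
                result.setdefault(el.text.strip(), set()).update(roles)
    return result


def unprotected(web_xml, required):
    """Return the required patterns that no auth-constraint covers."""
    covered = protected_patterns(web_xml)
    return sorted(p for p in required if p not in covered)


if __name__ == "__main__":
    # Solr 4 admin resources named in the answer above, plus the update handler.
    print(unprotected(SAMPLE_WEB_XML, ["/admin/*", "/admin.html", "/update/*"]))
```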

sudo vim /opt/solr-4.8.1/example/etc/jetty.xml

change

    <!-- This connector is currently being used for Solr because it
         showed better performance than nio.SelectChannelConnector
         for typical Solr requests. -->
    <Call name="addConnector">
      <Arg>
        <New class="org.eclipse.jetty.server.bio.SocketConnector">
          <Set name="host">0.0.0.0</Set>
          <Set name="port"><SystemProperty name="jetty.port" default="8983"/></Set>
          <Set name="maxIdleTime">50000</Set>
          <Set name="lowResourceMaxIdleTime">1500</Set>
          <Set name="statsOn">false</Set>
        </New>
      </Arg>
    </Call>

to

    <!-- This connector is currently being used for Solr because it
         showed better performance than nio.SelectChannelConnector
         for typical Solr requests. -->
    <Call name="addConnector">
      <Arg>
        <New class="org.eclipse.jetty.server.bio.SocketConnector">
          <Set name="host">127.0.0.1</Set>
          <Set name="port"><SystemProperty name="jetty.port" default="8983"/></Set>
          <Set name="maxIdleTime">50000</Set>
          <Set name="lowResourceMaxIdleTime">1500</Set>
          <Set name="statsOn">false</Set>
        </New>
      </Arg>
    </Call>

then sudo service solrd restart

0

The easiest way:

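    # Rules are evaluated top to bottom and -A appends, so accept loopback first
    iptables -A INPUT -p tcp -s 127.0.0.1 --dport 8983 -j ACCEPT
    # Then drop every other connection to the Solr port
    iptables -A INPUT -p tcp --dport 8983 -j DROP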

with this order!

-3
