对于生产,拥有一个甚至不会要求登录凭据的solr管理员感觉不安全。如何禁用默认出现的solr管理页面?我只是希望我的webapp使用Solr进行搜索词索引。
答案 0 :(得分:10)
我强烈建议保留管理页面以进行调试。它在很多情况下救了我。有一些方法可以将其限制为仅经过HTTP身份验证的用户:http://wiki.apache.org/solr/SolrSecurity#Jetty_example。您可能需要解压缩并重新压缩您的webapp。
但是,如果您仍想要禁用整个管理部分,则可以在$ {SOLR_HOME} /project/solr/conf/solrconfig.xml中注释掉admin requestHandler。
答案 1 :(得分:2)
只需向Solr Web应用程序添加安全约束,即可使用密码保护管理页面。
Solr 3.6的片段:
<security-constraint>
<!-- This protects your admin interface and grants access to role Solr-Admin -->
<web-resource-collection>
<web-resource-name>Solr admin</web-resource-name>
<!--url-pattern>/admin/*</url-pattern-->
<url-pattern>/evu/admin/*</url-pattern>
<url-pattern>/webcrawl/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Solr-Admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<!-- This protects your admin interface and grants access to roles Solr-Admin and Solr-Updater -->
<web-resource-collection>
<web-resource-name>Solr Update</web-resource-name>
<url-pattern>/update/*</url-pattern>
<url-pattern>/evu/update/*</url-pattern>
<url-pattern>/webcrawl/update/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Solr-Admin</role-name>
<role-name>Solr-Update</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<!-- This one is necessary to show the image on the Solr start page -->
<web-resource-collection>
<web-resource-name>Solr Admin images</web-resource-name>
<url-pattern>*.png</url-pattern>
</web-resource-collection>
<auth-contraint>
<role-name>*</role-name>
</auth-contraint>
</security-constraint>
<security-role>
<description>The role that is required to administer Solr</description>
<role-name>Solr-Admin</role-name>
</security-role>
<security-role>
<description>The role that is required to update the Solr index</description>
<role-name>Solr-Update</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Solr</realm-name>
</login-config>
</web-app>
在Solr 4中,您必须为管理界面保护以下资源:
/admin/*
/admin.html
答案 2 :(得分:0)
sudo vim /opt/solr-4.8.1/example/etc/jetty.xml 变化
<!-- This connector is currently being used for Solr because it
showed better performance than nio.SelectChannelConnector
for typical Solr requests. -->
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.bio.SocketConnector">
<Set name="host">0.0.0.0</Set>
<Set name="port"><SystemProperty name="jetty.port" default="8983"/></Set>
<Set name="maxIdleTime">50000</Set>
<Set name="lowResourceMaxIdleTime">1500</Set>
<Set name="statsOn">false</Set>
</New>
</Arg>
</Call>
到
<!-- This connector is currently being used for Solr because it
showed better performance than nio.SelectChannelConnector
for typical Solr requests. -->
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.bio.SocketConnector">
<Set name="host">127.0.0.1</Set>
<Set name="port"><SystemProperty name="jetty.port" default="8983"/></Set>
<Set name="maxIdleTime">50000</Set>
<Set name="lowResourceMaxIdleTime">1500</Set>
<Set name="statsOn">false</Set>
</New>
</Arg>
</Call>
然后 sudo service solrd restart
答案 3 :(得分:-2)
最简单的方法:
iptables -A INPUT -p tcp --dport 8983 -j DROP
iptables -A INPUT -p tcp -s 127.0.0.1 --dport 8983 -j ACCEPT
这个订单!