lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Grant Ingersoll <>
Subject Re: manage rights
Date Wed, 07 Oct 2009 21:35:35 GMT
You should also separate your indexer from your searcher and make the  
searcher request handlers allow search only (remove the handlers you  
don't need).  You could also lock down the request parameters that  
they take, too, by using invariants, etc.

Have a look in your solrconfig.xml.  You could, of course, also have a  
ServletFilter in front of Solr or some other type of firewall that  
just throws away the requests you don't wish to support.

And, of course, firewalls can be used, too.

On Oct 7, 2009, at 4:50 PM, Lance Norskog wrote:

> There are no security features in Solr 1.4. You cannot do this.
> It would be really simple to implement a hack where all management
> must be done via POST, and then allow the configuration to ban POST
> requests.
> On 10/7/09, clico <> wrote:
>> Hi everybody
>> As I'm ready to deploy my solr server (after many tests and use  
>> cases)
>> I'd like ton configure my server in order that some request cannot  
>> be post
>> As an example :
>> My CMS or data app can use
>> - dataimport
>> - and other indexing  commands
>> My website can only perform a search on the server
>> could one explain me where this configuration has to be done?
>> Thanks
>> --
>> View this message in context:
>> Sent from the Solr - User mailing list archive at
> -- 
> Lance Norskog

Grant Ingersoll

Search the Lucene ecosystem (Lucene/Solr/Nutch/Mahout/Tika/Droids)  
using Solr/Lucene:

View raw message