lucene-solr-user mailing list archives

From Jan Høydahl <jan....@cominvent.com>
Subject Re: Web Server HTTP Header Internal IP Disclosure SOLR port
Date Mon, 07 Jan 2019 08:15:45 GMT
Are you saying that the redirect from http://my.ip:8983/ to http://my.ip:8983/solr/ is a security
issue for you? Please tell us how this could be by providing a real example where you believe
that Solr exposes some secret information that the requesting client should not gain access
to? Remember that Solr is not any random Web server and must be firewalled and not exposed
to the internet. Your security scan tool may have other assumptions?

--
Jan Høydahl, search solution architect
Cominvent AS - www.cominvent.com

> On 7 Jan 2019, at 05:55, Muniraj M <muniraj.m@ewallsolutions.com> wrote:
> 
> Hi,
> 
> I am using Apache SOLR 6.6.5 as my search engine and when we do a security
> scan on our server, we get the below response
> 
> *When processing the following request : GET / HTTP/1.0 this web server
> leaks the following private IP address : X.X.X.X as found in the following
> collection of HTTP headers : HTTP/1.1 302 Found
> Location: http://X.X.X.X:8983/solr/
> Content-Length: 0*
> 
> I have checked for more time, however I haven't found any solutions to fix this
> problem. Any idea of how to solve this would be really appreciated.
> 
> -- 
> Regards,
> *Muniraj M*
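
The check that the quoted scan result describes, as an added example that is not part of the thread or of Solr: it parses a raw HTTP response head and reports any URL-bearing header whose host is a private, loopback or link-local IP literal. The sample response is constructed, with 10.0.0.5 standing in for the redacted X.X.X.X; the function names and the `URL_HEADERS` set are assumptions made for this illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: the response shape quoted in the thread, with a made-up
# RFC 1918 address standing in for the redacted X.X.X.X.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: http://10.0.0.5:8983/solr/\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

# Headers whose value is a URL (assumed set for this example).
URL_HEADERS = {"location", "content-location"}


def parse_headers(raw: bytes):
    """Return (status_line, [(name, value), ...]) from a raw HTTP response head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return lines[0], headers


def internal_ip_findings(raw: bytes):
    """List (header, ip) pairs where a URL header names a non-public IP literal."""
    _, headers = parse_headers(raw)
    findings = []
    for name, value in headers:
        if name.lower() not in URL_HEADERS:
            continue
        host = urlsplit(value).hostname
        if host is None:
            continue  # relative redirect: no host is disclosed
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # a DNS name, not an IP literal
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            findings.append((name, str(ip)))
    return findings


if __name__ == "__main__":
    print(internal_ip_findings(SAMPLE_RESPONSE))
```
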

