From 7feba46a6f2e8aefc1c513771128a07aa2624d8e Mon Sep 17 00:00:00 2001
From: Robert Muir <rmuir@apache.org>
Date: Tue, 24 Dec 2019 07:55:42 -0800
Subject: [PATCH] SOLR-14144: add IP-based access control to securing solr page

---
 solr/solr-ref-guide/src/securing-solr.adoc | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/solr/solr-ref-guide/src/securing-solr.adoc b/solr/solr-ref-guide/src/securing-solr.adoc
index 06bbd3f1645..59029418fdd 100644
--- a/solr/solr-ref-guide/src/securing-solr.adoc
+++ b/solr/solr-ref-guide/src/securing-solr.adoc
@@ -62,6 +62,18 @@ Audit logging will record an audit trail of incoming reqests to your cluster, su
 
 Solr can optionally log every incoming HTTP(s) request in the standard https://en.wikipedia.org/wiki/Common_Log_Format[`NCSA format`]. You can enable request logging by setting `SOLR_REQUESTLOG_ENABLED=true` via environment variable or in `solr.in.sh`/`solr.in.cmd`.
 
+== Enable IP Access Control
+
+Restrict network access to specific hosts, by setting `SOLR_IP_WHITELIST`/`SOLR_IP_BLACKLIST` via environment variables or in `solr.in.sh`/`solr.in.cmd`.
+
+[source,bash]
+----
+# Allow IPv4/IPv6 localhost, the 192.168.0.x IPv4 network, and 2000:123:4:5:: IPv6 network.
+SOLR_IP_WHITELIST="127.0.0.1, [::1], 192.168.0.0/24, [2000:123:4:5::]/64"
+# Explicitly deny access to two problematic hosts.
+SOLR_IP_BLACKLIST="192.168.0.3, 192.168.0.4"
+----
+
 == Securing ZooKeeper Traffic
 
 ZooKeeper is a central and important part of a SolrCloud cluster and understanding how to secure