Apache
/
lucene
mirror of https://github.com/apache/lucene.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SOLR-14144: add IP-based access control to securing solr page

This commit is contained in:
Robert Muir 2019-12-24 07:55:42 -08:00
parent 4cde252a84
commit 7feba46a6f
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
solr/solr-ref-guide/src/securing-solr.adoc
View File

@ -62,6 +62,18 @@ Audit logging will record an audit trail of incoming reqests to your cluster, su
Solr can optionally log every incoming HTTP(s) request in the standard https://en.wikipedia.org/wiki/Common_Log_Format[`NCSA format`]. You can enable request logging by setting `SOLR_REQUESTLOG_ENABLED=true` via environment variable or in `solr.in.sh`/`solr.in.cmd`. Solr can optionally log every incoming HTTP(s) request in the standard https://en.wikipedia.org/wiki/Common_Log_Format[`NCSA format`]. You can enable request logging by setting `SOLR_REQUESTLOG_ENABLED=true` via environment variable or in `solr.in.sh`/`solr.in.cmd`.
== Enable IP Access Control
Restrict network access to specific hosts, by setting `SOLR_IP_WHITELIST`/`SOLR_IP_BLACKLIST` via environment variables or in `solr.in.sh`/`solr.in.cmd`.
[source,bash]
----
# Allow IPv4/IPv6 localhost, the 192.168.0.x IPv4 network, and 2000:123:4:5:: IPv6 network.
SOLR_IP_WHITELIST="127.0.0.1, [::1], 192.168.0.0/24, [2000:123:4:5::]/64"
# Explicitly deny access to two problematic hosts.
SOLR_IP_BLACKLIST="192.168.0.3, 192.168.0.4"
----
== Securing ZooKeeper Traffic == Securing ZooKeeper Traffic
ZooKeeper is a central and important part of a SolrCloud cluster and understanding how to secure ZooKeeper is a central and important part of a SolrCloud cluster and understanding how to secure