On Tue 27 Sep 2022 at 04:58, Shawn Heisey
<apa...@elyograg.org.invalid> wrote:

> On 9/26/22 15:06, Victoria Stuart (VictoriasJourney.com) wrote:
> > To clarify - in my case the web page has an input / search element that
> > connects to Solr (running in the background) via an Ajax script.
>
> This is a very bad idea.  You've given end users direct access to your
> Solr server, which you should never do.  The application should talk to
> Solr, end users shouldn't be able to make a network connection to it at
> all.  Even if you have worked out exactly how to keep the users from
> changing the index, they would be able to craft denial of service
> queries that would keep the Solr server too busy to function normally.
>
> Would you let end users have direct access to your database server's
> network port, even with TLS and strong passwords?  I wouldn't.
>
> Thanks,
> Shawn
>
>
FWIW: I recently had to grant temporary access to an external developer to
read from a single dev core. Mind you, this is not a production setup!
Proxied it through nginx as "https://dev-solr.example.org:443"; with a Let's
Encrypt certificate. Config looked something like this:

# Basic auth applies to the whole server block, so the external developer
# needs a password before anything is proxied
auth_basic  "My Solr";
auth_basic_user_file  /path/to/.htpasswd;

# Only the read-only select handler of one core is forwarded; admin, update
# and other-core paths are not matched by this block and are not proxied
location /solr/my_core/select {
    proxy_pass          http://10.0.0.1:8983/solr/my_core/select;
    proxy_http_version  1.1;
}
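
A fuller version of that proxy idea, as an added example that is not the configuration posted above (the hostnames, backend address, core name and certificate paths are assumptions):

```nginx
# Added example, not the configuration from the thread. Hostnames, the
# backend address, the core name and the certificate paths are assumptions.

# Goes in the http {} context: per-client request budget for the search
# endpoint, a partial answer to the denial-of-service concern raised above.
limit_req_zone $binary_remote_addr zone=solr_select:10m rate=5r/s;

server {
    listen 443 ssl;
    server_name dev-solr.example.org;

    ssl_certificate     /etc/letsencrypt/live/dev-solr.example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dev-solr.example.org/privkey.pem;

    # Password required for every request handled by this server block.
    auth_basic           "My Solr";
    auth_basic_user_file /etc/nginx/.htpasswd;

    # Explicit catch-all: admin, update and other-core paths get a 404 here
    # and never reach Solr, instead of relying on the absence of a match.
    location / {
        return 404;
    }

    # Exact match on the one read-only handler that is meant to be exposed.
    location = /solr/my_core/select {
        # Reads only; a POST body to this handler is refused at the proxy.
        limit_except GET HEAD {
            deny all;
        }
        limit_req zone=solr_select burst=10 nodelay;

        proxy_pass          http://10.0.0.1:8983/solr/my_core/select;
        proxy_http_version  1.1;
        proxy_set_header    Host $host;
    }
}
```

The rate limit bounds request volume only; a single expensive query to /select still costs the backend, so this is containment for a dev core, not a substitute for keeping Solr off the network path of end users as Shawn recommends.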
