{"id":1095,"date":"2017-10-14T02:19:26","date_gmt":"2017-10-14T02:19:26","guid":{"rendered":"http:\/\/capture.ccio.us\/?p=1095"},"modified":"2017-10-14T02:19:26","modified_gmt":"2017-10-14T02:19:26","slug":"securing-solr-best-practices-protect-data","status":"publish","type":"post","link":"https:\/\/capture.club\/portal\/2017\/10\/14\/securing-solr-best-practices-protect-data\/","title":{"rendered":"Securing Solr: Best Practices to Protect Your Data"},"content":{"rendered":"<body><img decoding=\"async\" class=\"alignnone size-medium wp-image-583\" src=\"http:\/\/capture.ccio.us\/wp-content\/uploads\/2016\/11\/Solr_Logo_on_white-300x152.png\" alt=\"Solr_Logo_on_white\" width=\"300\" height=\"152\" loading=\"lazy\">\n<blockquote><p><em>If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees. \u2014 Kahlil Gibran<\/em><\/p><\/blockquote>\n<p>Solr\u2019s strength lies primarily in its ability to rapidly index and query vast troves of data. With this powerful ability, however, come certain caveats. One caveat in particular remains a vitally important consideration when planning your Solr environment: security.<br>\nBy its very nature, security is something of an enigma. Documentation is often limited, and what exists is often provided on a strict \u201cneed-to-know\u201d basis. In the programming world, security failure messages are often vague or even non-existent. Further, because security is restrictive by design, it can be cumbersome to work with. Despite these hurdles, it remains a critical necessity for any enterprise.<br>\nWhen you first install and start up Solr, you\u2019ll notice that no authentication is required. Out of the box, Solr is unsecured. Thus, your first consideration is to <strong>make sure that Solr is behind an appropriately configured firewall<\/strong>, <strong>and that user permissions on Solr instances are properly locked down. 
The user under which Solr runs should have \u2018write\u2019 access only to the Solr root directory.<\/strong> The firewall layer is the front line of your defense strategy. From there, you\u2019ll want to consider a variety of software security layers. The final configuration will, of course, depend on the nature of your application, so it\u2019s a good idea to have a solid architecture and corresponding use cases in mind before creating a security plan.<br>\nAs previously mentioned, once your hardware firewall is established, you\u2019ll want to consider the various possible layers of software security. These include antivirus\/trojan\/malware prevention, detection and eradication applications; real-time behavior monitoring capable of alerting critical users when odd behavior begins to occur; DDoS (Distributed Denial of Service) attack detection software; data encryption software; and so on. The combinations are practically limitless and, again, will depend on the end goal of your project.<br>\nWith your software security layer in place, you can begin <a href=\"https:\/\/cwiki.apache.org\/confluence\/display\/solr\/Securing+Solr\">securing Solr<\/a> directly.<br>\nSolr is capable of integrating with a variety of third-party authentication frameworks, including LDAP and Kerberos. Since the 5.x release, it also comes with built-in support for <a href=\"https:\/\/cwiki.apache.org\/confluence\/display\/solr\/Basic+Authentication+Plugin\">Basic Authentication<\/a>. 
Basic Authentication allows you to secure Solr\u2019s admin console and provides collection-level granularity.<br>\nBeyond console and collection-level security, it is considered best practice to put your own application service in front of Solr and to use, for example, the <a href=\"https:\/\/cwiki.apache.org\/confluence\/display\/solr\/Using+SolrJ\">SolrJ<\/a> library to communicate with Solr.<br>\nIn summary, securing your Solr environment requires a good deal of planning and forethought. There are several layers of security that must be addressed to make sure your environment is protected from malicious attacks.<\/p>\n<h2><strong>In a Nutshell:<\/strong><\/h2>\n<ol>\n<li>Solr is, by default and by design, completely unsecured out of the box. <strong>It is vitally important that your Solr instance is behind a firewall, and that box-level security is appropriate and limited to only critical users.<\/strong><\/li>\n<li>Choose the appropriate suite of software security tools to provide protection against malware, DDoS attacks, and so on.<\/li>\n<li>Use the Solr Basic Authentication plugin, or other supported services, to secure the Solr console and collections.<\/li>\n<li>Create a custom service to provide communication between your client applications and Solr.<\/li>\n<\/ol>\n<p><!--\n\n\n<h2><strong>Important Note:<\/strong><\/h2>\n\n\n<strong>If you've followed these measures, your Solr instance will be effectively secure, including from a recently discovered vulnerability in Solr that would potentially allow a cross-traversal exploit of the replication API. This vulnerability has been patched. <span class=\"wysiwyg-underline\">It is <span style=\"text-decoration: underline;\">highly recommended<\/span> that Solr 5.x users upgrade their Solr instance to 5.5.4 and all 6.x users upgrade to 6.4.2<\/span>. 
<\/strong>\n--><\/p>\n<h2><strong>Further Reading:<\/strong><\/h2>\n<ul>\n<li><a href=\"https:\/\/lucidworks.com\/2015\/08\/17\/securing-solr-basic-auth-permission-rules\/\">Basic Authentication Permissions<\/a><\/li>\n<li><a href=\"\/knowledge\/articles\/115003505507\/en-us?brand_id=2289156\">Document Level Security in Solr<\/a><\/li>\n<li><a href=\"https:\/\/lucidworks.com\/2017\/03\/09\/securing-solr-best-practices-to-protect-your-data\/\">Solr Tips, Tricks and Things You Really Ought to Know<\/a><\/li>\n<\/ul>\n<\/body>","protected":false},"excerpt":{"rendered":"<p>If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees. \u2014 Kahlil Gibran Solr\u2019s strength lies primarily in its ability to rapidly index and query vast troves of data. With this powerful ability, however, come certain caveats. One caveat in particular remains a vitally important [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"pagelayer_contact_templates":[],"_pagelayer_content":"","footnotes":""},"categories":[],"tags":[],"class_list":["post-1095","post","type-post","status-publish","format-standard","hentry"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/capture.club\/portal\/wp-json\/wp\/v2\/posts\/1095","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/capture.club\/portal\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/capture.club\/portal\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/capture.club\/portal\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/capture.club\/portal\/wp-json\/wp\/v2\/comments?post=1095"}],"version-history":[{"count":0,"href":"https:\/\/capture.club\/portal\/wp-json\/wp\/v2\/posts\/1095\/revisions"}],"wp:attachment":[{"href":"
https:\/\/capture.club\/portal\/wp-json\/wp\/v2\/media?parent=1095"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/capture.club\/portal\/wp-json\/wp\/v2\/categories?post=1095"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/capture.club\/portal\/wp-json\/wp\/v2\/tags?post=1095"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}