Securing Solr
When planning how to secure Solr, you should consider which of the available features or approaches are right for you.
- Authentication or authorization of users using:
- Enabling SSL
- If using SolrCloud, ZooKeeper Access Control
- Audit logging for recording an audit trail
No Solr API, including the Admin UI, is designed to be exposed to non-trusted parties. Tune your firewall so that only trusted computers and people are allowed access. Because of this, the project will not regard e.g., Admin UI XSS issues as security vulnerabilities. However, we still ask you to report such issues in JIRA. |