How To Protect Apache Solr Admin Console

If you run the Solr server instances for your Drupal site with the default start.jar that ships with Apache Solr, the following instructions might help to secure the administrative console against unauthorized access.

The default setup relies on Jetty.

Jetty is a pure Java-based HTTP client/server, WebSocket client/server and servlet container (application server) developed as a free and open source project as part of the Eclipse Foundation. It is currently used in products such as ActiveMQ, Alfresco, Apache Geronimo, Apache Maven, Google App Engine, Eclipse, FUSE, HP OpenView, JBoss, Liferay, Ubuntu, Twitter's Streaming API and Zimbra. Jetty is also used as a standard Java application server by many open source projects such as Lift, Eucalyptus and Hadoop.

Steps to secure the Solr server:

1. Configure Authentication Realms

If you followed the instructions in the drupal.org handbook page "Apache Solr Multi-core Setup using Jetty", you will find a jetty.xml file in apache-solr-3.5.0/drupal/etc. Uncomment the lines at line 184 so that they look as follows:

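    <!-- The realm name "Auth" must match <realm-name> in webdefault.xml -->
    <Set name="UserRealms">
      <Array type="org.mortbay.jetty.security.UserRealm">
        <Item>
          <New class="org.mortbay.jetty.security.HashUserRealm">
            <Set name="name">Auth</Set>
            <!-- Users, passwords and roles are read from this file -->
            <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
            <Set name="refreshInterval">0</Set>
          </New>
        </Item>
      </Array>
    </Set>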

2. In webdefault.xml (or web.xml), add the following lines to the end of the file

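      </locale-encoding-mapping-list>
      <security-role>
        <role-name>user</role-name>
      </security-role>
      <login-config>
        <realm-name>Auth</realm-name>
      </login-config>
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>File Upload</web-resource-name>
          <!-- /* applies the constraint to every URL of the web application -->
          <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>user</role-name>
        </auth-constraint>
      </security-constraint>
    </web-app>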

3. Create a realm.properties file

Create the realm.properties password file. Its path is relative to the drupal folder in apache-solr-3.5.0 (full path: apache-solr-3.5.0/drupal/etc/realm.properties). Add the following line:

    foo: bar,user

where foo is the username, bar is the password and user is the role. You can also use an MD5 password in place of the plain-text one.
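
Step 3 mentions that an MD5 password can replace the plain-text one. The following Python sketch is an added example, not part of the original post: it rewrites plain-text entries of a realm.properties file into Jetty's `MD5:<digest>` credential form and leaves comments and already-hashed entries alone. The function names and the sample file content are constructed for illustration.

```python
import hashlib

# Credential prefixes Jetty already treats as non-plaintext.
HASHED_PREFIXES = ("MD5:", "CRYPT:", "OBF:")

def jetty_md5(password: str) -> str:
    """Return a password in Jetty's 'MD5:<hex digest>' credential form."""
    # Assumption: the ISO-8859-1 bytes are hashed; for ASCII passwords
    # every common encoding yields the same digest.
    return "MD5:" + hashlib.md5(password.encode("iso-8859-1")).hexdigest()

def parse_entry(line: str):
    """Split 'user: credential,role1,role2' into (user, credential, roles)."""
    stripped = line.strip()
    if not stripped or stripped[0] in "#!":
        return None  # blank line or properties comment
    user, sep, rest = stripped.partition(":")
    if not sep:
        return None  # not in the 'user: credential' form used on this page
    credential, _, roles = rest.strip().partition(",")
    return user.strip(), credential.strip(), roles.strip()

def harden_realm(text: str):
    """Rewrite plaintext credentials as MD5: and report which users changed."""
    out, changed = [], []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None or not entry[1] or entry[1].startswith(HASHED_PREFIXES):
            out.append(line)  # comments and already-hashed entries stay as-is
            continue
        user, credential, roles = entry
        changed.append(user)
        new = f"{user}: {jetty_md5(credential)}"
        out.append(new + (f",{roles}" if roles else ""))
    return "\n".join(out) + "\n", changed

# Constructed sample: the page's foo/bar entry plus an already-hashed user.
SAMPLE = """# realm.properties (constructed sample)
foo: bar,user
solr: MD5:73feffa4b7f6bb68e44cf984c85f6e88,user
"""

if __name__ == "__main__":
    hardened, changed = harden_realm(SAMPLE)
    print(hardened, end="")
    print("rewritten:", ", ".join(changed))
```

Jetty's `MD5:` form is an unsalted digest, so it only keeps the password from being read at a glance; keep realm.properties readable by the Solr service account alone.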

4. Testing your server instance

When a request is made, the user will be prompted to authenticate.

This way, the Apache Solr server can be accessed securely from a distributed server.

Note: This protects only the requests received via Jetty. However, the PHP client that comes with the Drupal Apache Solr module can still access the Solr server without any restrictions.