different levels of security configuration for Apache SOLR

Question

this is what we need for our SOLR instance

1) all urls except for select need ip as well as password restrictions 2) select url can be accessed from any ip but needs a password to be accessed. this password is different than the password used for point 1 above. also if the ip is from our internal network then no password needed even to access select url

in short, we need to protect everything except for select from the outside world (ip + password). but for select we want to give access to outside world so no ip restriction but they need a username and password to access it. however for select, for certain ips, we dont even want the username and password restriction

how to achieve this. thanks in advance guys

Answer 1

Here's how to filter requests by user's IP address, using Tomcat's Valve Component: http://wiki.apache.org/tomcat/FAQ/Security#Q6

You can use Tomcat Basic authentication to restrict access to specific URL patterns.

Your Solr application's web.xml:

 <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Admin and Update protection</realm-name>
 </login-config>

 <security-constraint>
    <web-resource-collection>
        <web-resource-name>Hr core administration</web-resource-name>
        <url-pattern>/coreHr/admin/*</url-pattern>
    </web-resource-collection>

    <auth-constraint>
        <role-name>solradmin</role-name>
    </auth-constraint>
 </security-constraint>

 <security-constraint>
    <web-resource-collection>
        <web-resource-name>En core administration</web-resource-name>
        <url-pattern>/coreEn/admin/*</url-pattern>
    </web-resource-collection>

    <auth-constraint>
        <role-name>solradmin</role-name>
    </auth-constraint>
 </security-constraint>

  <security-constraint>
    <web-resource-collection>
        <web-resource-name>Hr core update</web-resource-name>
        <url-pattern>/coreHr/update*</url-pattern>
    </web-resource-collection>

    <auth-constraint>
        <role-name>solradmin</role-name>
    </auth-constraint>
 </security-constraint>

  <security-constraint>
    <web-resource-collection>
        <web-resource-name>En core update</web-resource-name>
        <url-pattern>/coreEn/update*</url-pattern>
    </web-resource-collection>

    <auth-constraint>
        <role-name>solradmin</role-name>
    </auth-constraint>
 </security-constraint>

tomcat-users.xml:

<role rolename="manager"/>
<role rolename="admin"/>
<role rolename="solradmin"/>
<user username="mbo" password="mbo11" roles="manager,admin,solradmin"/>