web-applications solr full-text-search jetty search-engine

Securing Apache Solr in production

We are using Apache Solr 4.1 to index data for a web app. Only the web app should have access to the Solr. Users and other clients will not directly talk to Solr.

What are some of the best practices to secure this type of Solr use case?

(we are using Jetty to run Solr)

Solution

Well, just a few of the options available:

Don't expose the Solr server URL to the browser, make sure only the web app can see it and issue queries to the Solr server (SolrJ and Solr.Net are good clients to use for this).
Don't allow any other URL to communicate with your Solr server host except the web app server.
Use a proxy to obfuscate the Solr server URL and disallow certain queries and URLs ( and admin).

How to go about debugging JavaScript in the HtmlService in Google Scripts
How to disable rubber band in iOS web apps?
Reuse VB Declaration From Master Page On Multiple Web App Pages
How can I simulate a 'down' website?
Error message while automating data entry from web app contact form to google sheet
How can I get the 'appname' to build t.me URL for launching Telegram Web App for Bots
Protocols for communicating over web sockets
Is web development possible using Google Sites?
Getting to know a new web system that requires new features
ASP.NET: HTTP Error 500.19 – Internal Server Error 0x8007000d
Authorization is revoked every week. How to maintain persistent authorization?
How to create a file in memory for user to download, but not through server?
Camera not working if used in homescreen app IOS
How to refresh page, Google app Script Web
Deploying a Mercurial Repository to Production - Security Concerns and Tips
Azure Static Web App returns incorrect MIME type for CSS and JS files (text/html instead of application/javascript and text/css)
How to update partial view list in a "Create" view after submitting input in a ASP.NET core MVC web app to server?
Connect to Flask Server from other devices on same network
Image not displayed in google web application and also only date not displayed. It displayed with GMT and standard time zone
How to check if ios safari/chrome is in lockdown mode for a ReactJS Webapp
Looking for the ways for test automation of web site
Aggregator tool for bug/issue trackers?
Is there a general way to run Web Applications on Google Colab?
multiple users, multiple applications, one server
How to remove Warning "This application was created by another user, not by Google" in Google Apps for Education
Read epub with epubjs or epub-parser always returns empty
Form generating twice in Apps Script using JQuery
Which jar files do I have to put in the lib folder for these import statements to work?
How does a server work and different clients?
How do I deal with concurrent changes in a web application?