Thank you Tuan and Mark for your insight, which was / is very helpful.
I think you want to be a bit careful about how much of Solr you make
generally available. There's a thread on the solr-user list from a
while back that discusses this:
and even access to the '/select' handler can be enough to inadvertently
give access to the other index-modifying request handlers.
A variation on Tuan's suggestion might be to use Apache + mod_proxy +
mod_auth_basic/mod_authn_file to require a username/password to access
Solr--assuming you only have a small number of users needing access, and
that they're not actively out to get you :)
If you need to provide access more broadly (or if your users *are* out
to get you), you could leave Solr firewalled off and write a custom
webapp to provide controlled access to the bits they need. In addition
to using the usual '/select' handler for firing searches, you can use
the FieldAnalysisRequestHandler to produce your own version of the
"Analysis" page shown by Solr admin:
It might not be enabled in the VuFind solrconfig.xml, but I think you
would just need to add a new solrconfig.xml entry like:
<requestHandler name="/analysis/field" class="solr.FieldAnalysisRequestHandler" />
to activate it. Then something like:
curl -s 'http://localhost:8080/solr/biblio/analysis/field?analysis.fieldname=title&analysis.fieldvalue=hello+world&wt=json' | python -mjson.tool
Should give you more than you ever wanted to know about how queries are
anna headley <email@example.com> writes:
> Hi vufind-tech and solrmarc-tech,
> Currently I have solr access blocked by the firewall. But I want to allow
> access to search results so that librarians can experiment with relevance
> ranking. And I'd like to allow access to the solr admin page (I don't
> think there is a form to change the index there) for anyone that wants to
> see the stemming information.
> So I want to find a way to open the solr port, but lock down access to the
> solr /update url so that it's accessible only from localhost.
> I will be looking into Tomcat configuration and the like, but if you are
> already doing something like this I'd appreciate any advice! And if
> there's anything else I should be careful to lock down, I'd appreciate that
> advice as well.