I have a Solr server that returns search results to users via Ajax requests. The request all looks like this: http://abc.com/core1/select?q=...
Now I just realized this would expose my search server to potential "bad" guys. I can have basic authentication on the jetty Solr server but it would block people from calling the search server.
My question is what is the common strategy to fix this ? Should I use the Solrj java client library from my Tomcat webserver to search first and then return the results to users, also firewall the access to the search server completely ? Any other way to get around it ?
Related
I am implementing Solr Cloud for the first time. I've worked with normal Solr and have that down pretty well, but I'm not finding a lot on what you can and can't do with Solr Cloud. So my question is about Managed Resources. I know you can CRUD stop words and synonyms using the new RESTful api in solr. However with the cloud do I need to CRUD my changes to each individual solr server in the cloud, or do I send them to a different url that sends them through to each server? I'm new to cloud and zookeeper. I have not found anything in the solr wiki about working with the managed resources in the cloud setup. Any advice would be helpful.
In SolrCloud configuration and other files like stopwords, are stored and maintained by Zookeeper. Which means you do not need to individually send updates to each server.
Once you have SolrCloud, before putting in any data, you will create a collection. Each collection has its own set of resources/config folder.
So for example if u have a collection called techproducts with 2 servers localhost1 and localhost2 the below command from any of the servers will work on the same resource.
curl "http://localhost1:8983/solr/techproducts/schema/analysis/synonyms/english"
curl "http://localhost2:8983/solr/techproducts/schema/analysis/synonyms/english"
I was thinking to make use of Elastic Search and want to know all the possible loopholes in security for Elastic Search and how to take care of them. Also, what effect will this have in performance of Elastic Search?
Elasticsearch by default is not secure, means anybody who knows your ip can access it. But there are lot of ways to secure it.
In configuration you can set the value of network.bind_host to localhost or your intranet ip so that is is accessible only from that. For more details check out the doc.
You can simply restrict the port access(default is 9200) using iptables.
You can use nginx as a proxy so that you can have all the goodness and configurability of nginx. Read about it at playing http tricks with nginx.
Elastic also has a commercial security product called shield.
There are few other security plugins available on the net also. Though elasticsearch by default is not secured it is easy to setup a security around it.
Of all I personally prefers the nginx proxy as it is very easy to setup and gives me an added advantage of logging all request to elasticsearch via nginx access logs.
Lastly, the security additions will have no/negligible performance impact.
ElasticSearch is insecure by default, however I'd really hesitate to say thats any different than any other service. You shouldn't have your database connection public facing, right? You should really consider treating it like any other services that you wouldn't want publicly accessible. Elasticsearch does provide https and basic auth. So it has the capability to be secure as long as you make it so, but the same can be said about many services you deploy.
Firstly Thanks to stackoverflow which is giving support to everyone.
Iam new to drupal and solr server
I have Successfully installed the solrserver in my system and I can able to search the data using "Apache Solr search module" In drupal7.
But Actually I dont know what is the Background process that is Running.But Inorder to have work with it I need to have a ground knowledge on it.Drupal is connecting to solr server using the url which I have Provided in admin UI.
As Per My knowledge I think the following is the backend flow of Apache solr server module
1)It sends the request of search string from drupal to solr server.
2)The solr server searches for the string and send the result back in the format of json to drupal.
3)Drupal displays the results
But How the solr server connects to drupal db inorder to search for the string or content?
Please help with this..I really In a need to know the backend flow how the request is handling
Thankyou
I'm not a Drupal specialist, but from the Solr prospective you are searching on the documents previously indexed on Solr. I.e., all documents must be indexed on Solr prior to the search.
Therefore, you have 2 ways here:
You call Solr API from your backend and push documents to Solr index. There are specific drupal solutions you may research, but here is the wiki article from Solr prospective describing how to index documents using only JSON API: http://wiki.apache.org/solr/UpdateJSON
You connect to your database directly from Solr and pull documents to Solr index. Here is the related wiki page: http://wiki.apache.org/solr/DataImportHandler
Context:
I have a web application that serves content via RESTful web services
I need to provide a search functionality
This is what I have in mind. Am I on the right track or way off ?
Index seed client:
This component will poll the Application at repeated intervals for data
(I have a WS which returns an XML response)
And then Post the XML to a EMS
Queue Listener:
The Queue Listener will convert the domain XML into Solr doc
And the post the document to Solr to be indexed
Search client:
The client will make a search request to my web application with query parameters
The web application will forward the request to Solr
Solr returns search results to my web application
My web application returns the result back to the client
Alternate flow ?
The search client talks to Solr directly and does the search.
Suggestions?
Searching will depend on your implementation choice of solr server. If you use embbededSolrServer you will need to query via your web client then calling sol. If you are using an httpsolrserver then you can query solr directly.
It also depends on how you want to return the results.
As solr documents?
Or your own interpretation of a solr document?
The later would have to be serviced by your web application
I am making a search query on local Apache Solr Server by browser and see the results.
I want to make Same Query on the production server.
Since tomcat port is blocked on production, I cannot test the query results on the browser.
Is there any method to make query and see the results?
Solr is a java web application: if you can't access the port it's listening to, you can't access Solr itself. There's no other way to retrieve data from a remote location. Usually on production Solr is put behind an apache proxy, so that it protects the whole Solr and makes accessible only the needed contexts, in your case solr/select for example to make queries.