solr/solr-ref-guide/src/securing-solr.adoc - lucene-solr - Git at Google

 = Securing Solr
 :page-children: authentication-and-authorization-plugins, enabling-ssl, audit-logging, zookeeper-access-control, security-ui
 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.

 [WARNING]
 ====
 No Solr API, including the Admin UI, is designed to be exposed to non-trusted parties. Tune your firewall so that only trusted computers and people are allowed access. Because of this, the project will not regard e.g., Admin UI XSS issues as security vulnerabilities. However, we still ask you to report such issues in JIRA.
 ====

 When planning how to secure Solr, you should consider which of the available features or approaches are right for you:

 == Encryption with TLS (SSL) Certificates

 Ecrypting traffic to/from Solr and between Solr nodes prevents sensitive data to be leaked out on the network. TLS is also normally a requirement to prevent credential sniffing when using Authentication.

 See the page <<enabling-ssl.adoc#,Enabling TLS (SSL)>> for details.

 == Authentication, Authorization and Audit Logging

 Use the <<security-ui.adoc#,Security>> screen in the Admin UI to manage users, roles, and permissions.

 See chapter <<authentication-and-authorization-plugins.adoc#,Configuring Authentication and Authorization>> to learn how to work with the `security.json` file.

 [#securing-solr-auth-plugins]
 === Authentication Plugins

 Authentication makes sure you know the identity of your users. The authentication plugins shipping with Solr are:

 // tag::list-of-authentication-plugins[]
 * <<kerberos-authentication-plugin.adoc#,Kerberos Authentication Plugin>>
 * <<basic-authentication-plugin.adoc#,Basic Authentication Plugin>>
 * <<hadoop-authentication-plugin.adoc#,Hadoop Authentication Plugin>>
 * <<jwt-authentication-plugin.adoc#,JWT Authentication Plugin>>
 // end::list-of-authentication-plugins[]

 === Authorization Plugins

 Authorization makes sure that only users with the necessary roles/permissions can access any given resource. The authorization plugins shipping with Solr are:

 // tag::list-of-authorization-plugins[]
 * <<rule-based-authorization-plugin.adoc#,Rule-Based Authorization Plugin>>
 * <<rule-based-authorization-plugin.adoc#,External Role Rule-Based Authorization Plugin>>
 // end::list-of-authorization-plugins[]

 === Audit Logging Plugins

 Audit logging will record an audit trail of incoming reqests to your cluster, such as users being denied access to admin APIs. Learn more about audit logging and how to implement an audit logger plugin here in the <<audit-logging.adoc#,Audit Logging>> chapter.

 == Request Logging

 Solr can optionally log every incoming HTTP(s) request in the standard https://en.wikipedia.org/wiki/Common_Log_Format[`NCSA format`]. You can enable request logging by setting `SOLR_REQUESTLOG_ENABLED=true` via environment variable or in `solr.in.sh`/`solr.in.cmd`.

 == Enable IP Access Control

 Restrict network access to specific hosts, by setting `SOLR_IP_WHITELIST`/`SOLR_IP_BLACKLIST` via environment variables or in `solr.in.sh`/`solr.in.cmd`.

 [source,bash]
 ----
 # Allow IPv4/IPv6 localhost, the 192.168.0.x IPv4 network, and 2000:123:4:5:: IPv6 network.
 SOLR_IP_WHITELIST="127.0.0.1, [::1], 192.168.0.0/24, [2000:123:4:5::]/64"
 # Explicitly deny access to two problematic hosts.
 SOLR_IP_BLACKLIST="192.168.0.3, 192.168.0.4"
 ----

 == Securing ZooKeeper Traffic

 ZooKeeper is a central and important part of a SolrCloud cluster and understanding how to secure
 its content is covered in the <<zookeeper-access-control.adoc#,ZooKeeper Access Control>> page.

 == Enable Security Manager

 Solr can run in a Java Security Manager sandbox by setting `SOLR_SECURITY_MANAGER_ENABLED=true` via environment variable or in `solr.in.sh`/`solr.in.cmd`. This feature is incompatible with Hadoop.
	= Securing Solr
	:page-children: authentication-and-authorization-plugins, enabling-ssl, audit-logging, zookeeper-access-control, security-ui
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License.

	[WARNING]
	====
	No Solr API, including the Admin UI, is designed to be exposed to non-trusted parties. Tune your firewall so that only trusted computers and people are allowed access. Because of this, the project will not regard e.g., Admin UI XSS issues as security vulnerabilities. However, we still ask you to report such issues in JIRA.
	====

	When planning how to secure Solr, you should consider which of the available features or approaches are right for you:

	== Encryption with TLS (SSL) Certificates

	Ecrypting traffic to/from Solr and between Solr nodes prevents sensitive data to be leaked out on the network. TLS is also normally a requirement to prevent credential sniffing when using Authentication.

	See the page <<enabling-ssl.adoc#,Enabling TLS (SSL)>> for details.

	== Authentication, Authorization and Audit Logging

	Use the <<security-ui.adoc#,Security>> screen in the Admin UI to manage users, roles, and permissions.

	See chapter <<authentication-and-authorization-plugins.adoc#,Configuring Authentication and Authorization>> to learn how to work with the `security.json` file.

	[#securing-solr-auth-plugins]
	=== Authentication Plugins

	Authentication makes sure you know the identity of your users. The authentication plugins shipping with Solr are:

	// tag::list-of-authentication-plugins[]
	* <<kerberos-authentication-plugin.adoc#,Kerberos Authentication Plugin>>
	* <<basic-authentication-plugin.adoc#,Basic Authentication Plugin>>
	* <<hadoop-authentication-plugin.adoc#,Hadoop Authentication Plugin>>
	* <<jwt-authentication-plugin.adoc#,JWT Authentication Plugin>>
	// end::list-of-authentication-plugins[]

	=== Authorization Plugins

	Authorization makes sure that only users with the necessary roles/permissions can access any given resource. The authorization plugins shipping with Solr are:

	// tag::list-of-authorization-plugins[]
	* <<rule-based-authorization-plugin.adoc#,Rule-Based Authorization Plugin>>
	* <<rule-based-authorization-plugin.adoc#,External Role Rule-Based Authorization Plugin>>
	// end::list-of-authorization-plugins[]

	=== Audit Logging Plugins

	Audit logging will record an audit trail of incoming reqests to your cluster, such as users being denied access to admin APIs. Learn more about audit logging and how to implement an audit logger plugin here in the <<audit-logging.adoc#,Audit Logging>> chapter.

	== Request Logging

	Solr can optionally log every incoming HTTP(s) request in the standard https://en.wikipedia.org/wiki/Common_Log_Format[`NCSA format`]. You can enable request logging by setting `SOLR_REQUESTLOG_ENABLED=true` via environment variable or in `solr.in.sh`/`solr.in.cmd`.

	== Enable IP Access Control

	Restrict network access to specific hosts, by setting `SOLR_IP_WHITELIST`/`SOLR_IP_BLACKLIST` via environment variables or in `solr.in.sh`/`solr.in.cmd`.

	[source,bash]
	----
	# Allow IPv4/IPv6 localhost, the 192.168.0.x IPv4 network, and 2000:123:4:5:: IPv6 network.
	SOLR_IP_WHITELIST="127.0.0.1, [::1], 192.168.0.0/24, [2000:123:4:5::]/64"
	# Explicitly deny access to two problematic hosts.
	SOLR_IP_BLACKLIST="192.168.0.3, 192.168.0.4"
	----

	== Securing ZooKeeper Traffic

	ZooKeeper is a central and important part of a SolrCloud cluster and understanding how to secure
	its content is covered in the <<zookeeper-access-control.adoc#,ZooKeeper Access Control>> page.

	== Enable Security Manager

	Solr can run in a Java Security Manager sandbox by setting `SOLR_SECURITY_MANAGER_ENABLED=true` via environment variable or in `solr.in.sh`/`solr.in.cmd`. This feature is incompatible with Hadoop.