Securing Solr Deployments - SearchStax
SearchStax® from Measured Search® takes the security of your Solr search infrastructure very seriously. We have built-in industry-standard security at the level of the cluster, network and management portal (Dashboard). Custom firewall rules enable you to lock down your search infrastructure to a whitelist of IP addresses and IP address ranges.
- Cluster Security
- SearchStax Dashboard Security
Connecting to the Cluster
SearchStax recommends that you situate your application infrastructure in the same local network as your hosting provider (for example, AWS or Azure). Internal network security for these hosting providers is extremely high and eliminates any chance of a hacker sniffing your network traffic.
If your application is hosted elsewhere, try to host it as close to your Search infrastructure as possible. This can be done by choosing the Cloud Provider Region which is closest to your application. This improves both security and performance.
SearchStax can limit access to specific IP addresses. You can configure access for Zookeeper and Solr servers separately.
To limit access to a specific IP address or IP address range:
- From within a Deployment, click on Security > IP filter.
- Click on Add Row.
- Add a specific IP address in the appropriate field.
- Select the service you need to limit access to. If you plan to limit access for both Zookeeper and Solr to the same address, just choose 'Solr + Zookeeper'.
- Click on Save changes.
To remove a filter, click on the X button and then Save changes.
Note that the default entry is 0.0.0.0/0, which allows unrestricted access. You must remove this entry to enable IP access restrictions. If you delete this entry before adding a new IP address, you can lock yourself out. Send email to email@example.com for assistance.
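An offline pre-check for a planned IP filter, added here as an example (it is not SearchStax code and does not call any SearchStax API): it flags the unrestricted 0.0.0.0/0 entry and reports addresses that would be locked out once the plan is saved. The function name, the row format and the rule that an address matched by no row is blocked are assumptions.

```python
import ipaddress

# Service labels from the IP filter form; each maps to the services it covers.
COVERS = {"Solr": ("Solr",), "Zookeeper": ("Zookeeper",),
          "Solr + Zookeeper": ("Solr", "Zookeeper")}

def review_ip_filter(rows, required):
    """rows: planned (cidr, service_label) filter entries.
    required: (ip, service) pairs that must still connect after saving.
    Returns a list of findings; an empty list means the plan looks safe."""
    findings = []
    allowed = {"Solr": [], "Zookeeper": []}
    for cidr, label in rows:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append(f"invalid address or range: {cidr}")
            continue
        if label not in COVERS:
            findings.append(f"unknown service label: {label}")
            continue
        if net.prefixlen == 0:  # 0.0.0.0/0 (or ::/0) matches every address
            findings.append(f"{label}: {cidr} allows unrestricted access")
        for service in COVERS[label]:
            allowed[service].append(net)
    for ip, service in required:
        addr = ipaddress.ip_address(ip)
        # Assumption: an address matched by no row for a service is blocked.
        if not any(addr in net for net in allowed.get(service, [])):
            findings.append(f"{service}: {ip} would be locked out")
    return findings

if __name__ == "__main__":
    # Constructed sample using documentation address ranges (RFC 5737).
    plan = [("203.0.113.0/24", "Solr"), ("198.51.100.7", "Solr + Zookeeper")]
    must_reach = [("203.0.113.10", "Solr"), ("203.0.113.10", "Zookeeper")]
    for finding in review_ip_filter(plan, must_reach):
        print(finding)
```

Run it against the rows you intend to save, listing every application and administrator address in `required`, before removing the default entry.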
SearchStax Tenant Users
Each SearchStax account is restricted to the owner (and admin) of that account plus any SearchStax users who have been granted access to that account by the owner. The additional users may be enrolled as normal SearchStax operators or as admins at the owner's discretion. See Solr Account Setup.
Solr Authentication and Authorization
You can optionally enable the Solr Authentication and Authorization plugin on your Cluster deployments.
Enabling/Disabling this feature requires Solr services to be restarted.
To enable the Authentication and Authorization plugin:
- Select the desired Deployment and click the Auth link in the main menu.
- Click the Enable button.
- Add a user, entering the username, password and role you want the user to have. Click Add.
You can edit your users as needed.
SearchStax Dashboard Security
The activity log provides you with a list of all user actions within your tenant account, including those of the Measured Search Support team. The list shows a User column with the email of the user who performed the logged change, that user's role, the Timestamp of the action in UTC, the Action itself, the Action detail, and the IP address where the action originated.