To add access restrictions for Solr in Tomcat6, proceed as follows:
Edit tomcat6/Catalina/localhost/solr.xml:
<Context docBase="/var/solr/solr.war" debug="0" privileged="true" allowLinking="true" crossContext="true">
<Environment name="solr/home" type="java.lang.String" value="/var/solr" override="true"/>
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="192.168.1.100,localhost,192.168.1.103,127.0.0.1"/>
<Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="192.168.1.105"/>
</Context>
Refer to the Tomcat configuration documentation: http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Address_Filter
For the above configuration to take effect, you also need to turn Tomcat's security mechanism back on.
Edit the file: sudo vi /etc/default/tomcat6
Comment out the last line, TOMCAT6_SECURITY=no
To learn more about the security mechanisms, see the Solr Wiki: http://wiki.apache.org/solr/SolrSecurity
Solr's admin console is powerful, but in production, if the admin URL is publicly accessible, not only is the core structure exposed, the index can even be modified or deleted.
The recommended practice is to enforce this on Apache or another front-end server: normally disable the external address and have the project access Solr through its internal address (for example http://localhost:8080/solr/collection1). Solr is usually debugged offline on a local machine; if you need to debug online, temporarily open the external address and close it again when you are done.
If you connect Apache and Tomcat over AJP, refer to the `ProxyPass /solr/ !` line below (highlighted in red in the original). When you need to open access, comment that line out by putting a # in front of it, then restart Apache ( /etc/httpd/conf/httpd.conf )
<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /var/www/html
    ServerName www.devnote.cn
    ProxyPass /solr/ !
    ProxyPass / ajp://localhost:8009/
    ErrorLog logs/www.devnote.cn-error_log
    CustomLog logs/www.devnote.cn-access_log common
</VirtualHost>
Note: with the AJP connection method you cannot use http://localhost:8009/solr/collection1 for intranet access; use the default port 8080 or the Tomcat port you defined yourself.
============= Implementing IP Access Restriction in Tomcat ===============
<Context path="/myapp" reloadable="true" docBase="/var/www/myapp" />
Change it to the following code:
<Context path="/myapp" reloadable="true" docBase="/var/www/myapp">
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1" deny="" />
</Context>

<Context path="/myapp" reloadable="true" docBase="/var/www/myapp">
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="192.168.[1-5].*,192.168.[10-15].*" deny="" />
</Context>
After making the change, restart Tomcat for it to take effect.
Implementing IP Access Restriction in Tomcat
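Original: http://zhumeng8337797.blog.163.com/blog/static/10076891420129231118360/
Effect: only the specified hosts or IP addresses can access applications deployed under Tomcat.
Tomcat provides two valves you can configure: RemoteHostValve and RemoteAddrValve. The former restricts by host name, the latter by IP address.
By configuring these two valves you can filter requests by the host or IP address they come from, and allow or deny specific hosts/IPs.
I. Global setting, effective for all applications under Tomcat
Add the following line to server.xml and restart the server: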
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="192.168.1.*" deny=""/>
Place this line before </Host>.
Examples:
1. Allow only 192.168.1.10:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="192.168.1.10" deny=""/>
2. Allow only the 192.168.1.* network segment:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="192.168.1.*" deny=""/>
3. Allow only 192.168.1.10 and 192.168.1.30:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="192.168.1.10,192.168.1.30" deny=""/>
4. Restrict by host name:
<Valve className="org.apache.catalina.valves.RemoteHostValve" allow="abc.com" deny=""/>
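The allow and deny values used on this page are regular expressions, not shell-style wildcards, so a pattern can admit more addresses than it appears to. The following added example (not from the original page) emulates the matching in Python to show which addresses the page's patterns let through, next to stricter patterns. It assumes Tomcat 6 semantics (comma-separated regexes, each matched against the whole address, deny checked before allow); the probe addresses and the STRICT_* patterns are constructed for illustration.

```python
import re

def split_patterns(attr):
    # Assumed Tomcat 6 behaviour: the attribute is split on commas, so a
    # pattern cannot contain one (this rules out quantifiers like {1,3}).
    return [p.strip() for p in attr.split(",") if p.strip()]

def tomcat6_admits(allow, deny, addr):
    """Assumed Tomcat 6 decision order: deny list first, then allow list."""
    allows, denies = split_patterns(allow), split_patterns(deny)
    if any(re.fullmatch(p, addr) for p in denies):
        return False
    if any(re.fullmatch(p, addr) for p in allows):
        return True
    # A valve with only a deny list admits whatever was not denied;
    # in every other case the request is refused.
    return bool(denies) and not allows

def admitted(allow, probes, deny=""):
    """Return the probe addresses that the valve would let through."""
    return [a for a in probes if tomcat6_admits(allow, deny, a)]

# Constructed probe addresses, not taken from any real network.
PROBES = ["192.168.1.10", "192.168.10.7", "192.168.100.9", "192.168.12.4",
          "192.168.5.1", "192.168.0.3", "192.168.7.7", "10.0.0.1"]

# Patterns exactly as written on this page.
PAGE_SUBNET = "192.168.1.*"
PAGE_RANGES = "192.168.[1-5].*,192.168.[10-15].*"

# Constructed stricter patterns: dots escaped, each octet digits only.
STRICT_SUBNET = r"192\.168\.1\.[0-9]+"
STRICT_RANGES = r"192\.168\.[1-5]\.[0-9]+,192\.168\.1[0-5]\.[0-9]+"

if __name__ == "__main__":
    for name in ("PAGE_SUBNET", "STRICT_SUBNET", "PAGE_RANGES", "STRICT_RANGES"):
        print(f"{name:14} admits {admitted(globals()[name], PROBES)}")
```

In `192.168.1.*` the final `.*` means "any characters", so 192.168.10.7 and 192.168.100.9 pass as well; `[10-15]` is a character class for 0, 1 or 5, which is why 192.168.0.3 passes the range pattern.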
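II. Local setting, effective only for a specific application
Configure according to how the project is set up:
1. Configured through an xml file under the conf directory: ${tomcat_root}\conf\proj_1.xml
2. Configured directly in server.xml: ${tomcat_root}\conf\server.xml
In the file above, add the following line before the </Context> of the corresponding project: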
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="192.168.1.*" deny=""/>
Place it inside the <Host></Host> element:
<Context path="/myweb" reloadable="true" docBase="E:\tomcat6\webapps\myweb">
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="192.168.13.110,192.168.1.*,220.250.13.21" deny=""/>
</Context>
File to modify:
tomcat/conf/server.xml
Restricting IP access through Tomcat
<Valve className="org.apache.catalina.valves.RemoteHostValve"
allow="*.mycompany.com,*.a.com"/> <!-- domain name restriction -->
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
deny="192.168.1.*"/> <!-- IP restriction -->
</Engine>