How to restrict IPs in a clustered Solr environment using IPAccessHandler?

We have a clustered system of Solr (two instances running in two servers) where the quorum is being maintained using ZooKeeper. We can access Solr by either hitting the direct server URLs or a blanket load balancer URL. We need to whitelist a few IPs accessing these three URLs.

I've already tried the steps mentioned here: Restricting IP addresses for Jetty and Solr

and here: http://lucene.472066.n3.nabble.com/How-To-Secure-Solr-by-IP-Address-td4304491.html

The problem with the first approach is that I can't add multiple IPs for whitelisting.

The problem with the second approach is that, although it allows multiple IPs in a string array to be whitelisted, when we are accessing Solr with the load balancer URL, it is not identifying the whitelisted IPs. Only if we hit individual server URLs it's working fine.

Also, I tried calling the addWhite method, but that also didn't work and Solr failed to start up.


    <New id="IPAccessHandler" class="org.eclipse.jetty.server.handler.IPAccessHandler">
      <Set name="white">
        <Array type="String">
          <Item>127.0.0.1</Item>
          <Item>-.-.-.-|/solr/techproducts/select</Item>
        </Array>
      </Set>
      <Set name="whiteListByPath">false</Set>
      <Set name="handler">
        <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection"/>
      </Set>
    </New>

This doesn't work with the load balancer.


    <New class="org.eclipse.jetty.server.handler.IPAccessHandler">
      <Call name="addWhite">
        <Arg>xxx.xxx.xxx.xxx</Arg>
      </Call>
      <Set name="handler">
        <!-- here's where you put what was there before: -->
        <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection"/>
      </Set>
    </New>

This doesn't allow multiple IPs to be passed as a parameter for whitelisting.

Perhaps this is too late of a response, but I had the same issue with needing to whitelist multiple IP addresses, so I thought I'd share the solution I found. I am running Jetty 8.1.16.v20140903 as part of a CollabNet Subversion Edge installation and this worked for me:

         <New class="org.eclipse.jetty.server.handler.IPAccessHandler">
           <Call name="setWhite">
             <Arg>
               <Array type="java.lang.String">
                 <Item>xxx.xxx.xxx.xxx</Item>
                 <Item>yyy.yyy.yyy.yyy</Item>
               </Array>
             </Arg>
           </Call>
           <Set name="handler">
             <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection"/>
           </Set>
         </New>

Notice that I changed the Call tag to use setWhite and changed the Arg to contain an Array. I made this change based on what I saw in the JavaDoc for Jetty 8.1.16: http://archive.eclipse.org/jetty/8.1.16.v20140903/apidocs/org/eclipse/jetty/server/handler/IPAccessHandler.html

The comment MatsLindh made may be a better long-term solution (controlling access via the OS firewall), but the method I did here should also get the job done.
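Added example, not part of the original question or answer: a simplified Python model of the white-list rules in the IPAccessHandler Javadoc, which states that the handler checks the real address of the connection rather than forwarded-for headers. It assumes the load balancer opens its own connection to Solr, models exact paths only, and uses constructed sample addresses throughout.

```python
# Simplified model of IPAccessHandler white-list matching (added example, not Jetty code).
# All addresses below are constructed sample values.

def octet_matches(spec, value):
    """Match one octet against 'nnn', 'mmm-nnn', 'nnn-', '-nnn', '-' or a comma list."""
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            lo, hi = (int(lo) if lo else 0), (int(hi) if hi else 255)
        else:
            lo = hi = int(part)
        if lo <= value <= hi:
            return True
    return False

def addr_matches(pattern, addr):
    """Compare a four-octet pattern such as '-.-.-.-' with a dotted IPv4 address."""
    specs, octets = pattern.split("."), addr.split(".")
    if len(specs) != 4 or len(octets) != 4:
        return False
    return all(octet_matches(s, int(o)) for s, o in zip(specs, octets))

def is_allowed(white, peer_addr, path):
    """peer_addr is the address of the TCP connection that Jetty accepted."""
    if not white:
        return True  # an empty white list matches everything
    for entry in white:
        addr_pat, _, path_pat = entry.partition("|")
        # Assumption: exact paths only; Jetty also accepts servlet-style wildcards.
        if addr_matches(addr_pat, peer_addr) and path_pat in ("", path):
            return True
    return False

WHITE = ["127.0.0.1", "203.0.113.10", "198.51.100.0-31"]  # constructed entries
CLIENT, LOAD_BALANCER = "203.0.113.10", "192.0.2.5"        # constructed addresses
PATH = "/solr/techproducts/select"

def demo():
    return {
        "direct": is_allowed(WHITE, CLIENT, PATH),          # peer is the client
        "via_lb": is_allowed(WHITE, LOAD_BALANCER, PATH),   # peer is the balancer
        "lb_listed": is_allowed(WHITE + [LOAD_BALANCER], LOAD_BALANCER, PATH),
    }

if __name__ == "__main__":
    print(demo())
```

The `lb_listed` case shows that listing the balancer's own address admits every client that reaches the balancer, so per-client restriction then has to happen at the balancer or the firewall.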
