Standalone Solr Listen to Localhost only
I like firewalls as much as the next man. But sometimes they're just not necessary. Back in the day (back in the world of banking) I used to review sites that had a liberal sprinkling of firewalls. Literally. I remember one site that had as many firewalls as they did servers!
One of the key issues that changed this situation was explaining to people about ports. If something isn't listening on that port, then you don't need a firewall. Simples. Well, in practice you need to stop and detect unauthorised ingress and egress, do TCP connection and protocol checking etc., but for the vast majority of sites this can and should be performed at a choke point. Not on every piece of infrastructure for the sake of it. Not least because it will chew up your staff's time monitoring, patching, key cycling etc.
Much better, where possible, to have a belt and braces approach and not listen on the network unless you really want to. Some software, like Solr, comes with a pretty open default (you're meant to be a professional...), so to make Solr listen on localhost only you have to add this to the Jetty config in etc/jetty.xml:
<!-- Use this connector if NIO is not available. -->
<!-- This connector is currently being used for Solr because the
     nio.SelectChannelConnector showed poor performance under WindowsXP
     from a single client with non-persistent connections (35s vs ~3min)
     to complete 10,000 requests)
-->
<Call name="addConnector">
  <Arg>
    <New class="org.mortbay.jetty.bio.SocketConnector">
      <Set name="host"><SystemProperty name="jetty.host" default="127.0.0.1" /></Set>
      <Set name="port"><SystemProperty name="jetty.port" default="8983"/></Set>
      <Set name="maxIdleTime">50000</Set>
      <Set name="lowResourceMaxIdleTime">1500</Set>
    </New>
  </Arg>
</Call>
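To check a deployed etc/jetty.xml for connectors that would still listen on the network, here is an added example (not part of the original post or of Solr/Jetty). The function names, the `sysprops` parameter and the sample config are assumptions made for illustration; note that the `default="127.0.0.1"` only applies when `jetty.host` is not set as a Java system property (for example with `-Djetty.host=...`), so the audit resolves overrides too.

```python
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample: the connector from the post plus one with no host set.
SAMPLE_JETTY_XML = """
<Configure id="Server" class="org.mortbay.jetty.Server">
  <Call name="addConnector"><Arg>
    <New class="org.mortbay.jetty.bio.SocketConnector">
      <Set name="host"><SystemProperty name="jetty.host" default="127.0.0.1" /></Set>
      <Set name="port"><SystemProperty name="jetty.port" default="8983"/></Set>
    </New>
  </Arg></Call>
  <Call name="addConnector"><Arg>
    <New class="org.mortbay.jetty.bio.SocketConnector">
      <Set name="port">8984</Set>
    </New>
  </Arg></Call>
</Configure>
"""

def _resolve(set_el, sysprops):
    """Value of a <Set>: literal text, or a <SystemProperty> falling back to its default."""
    prop = set_el.find("SystemProperty")
    if prop is None:
        return (set_el.text or "").strip()
    return sysprops.get(prop.get("name"), prop.get("default", ""))

def audit_connectors(jetty_xml, sysprops=None):
    """Return (connector class, host, port, loopback_only) for every addConnector call.

    sysprops models -D overrides given on the java command line (hypothetical parameter).
    """
    sysprops = sysprops or {}
    findings = []
    for call in ET.fromstring(jetty_xml).iter("Call"):
        if call.get("name") != "addConnector":
            continue
        for conn in call.findall("Arg/New"):
            values = {s.get("name"): _resolve(s, sysprops) for s in conn.findall("Set")}
            host = values.get("host", "")  # no host set: Jetty binds every interface
            findings.append((conn.get("class"), host or "*",
                             values.get("port", ""), host in LOOPBACK))
    return findings

if __name__ == "__main__":
    for cls, host, port, ok in audit_connectors(SAMPLE_JETTY_XML):
        print(f"{'ok  ' if ok else 'OPEN'} {host}:{port} ({cls})")
```

Confirm the result on the running host as well by checking which address port 8983 is actually bound to.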