Securing the Solr administrative console
Protect access to the full-text search service by securing the Solr administrative console.
About this task
The Solr administrative console, which is hosted by the IBM® WebSphere® Application Server administrative console, is not protected by default. If you deploy the Solr server outside your firewall and you do not secure access to the console before you begin indexing the HCL Compass database, then anyone who knows the console URL can search the full-text search index without authenticating. For example, in this scenario, a user who knows the Solr console URL might search the index for a social security number, and the search results might return a list of HCL Compass record DBIDs that contain the social security number. While the user cannot access the HCL Compass database by using the DBIDs returned in the search results, the user now knows that the social security number exists in the database.
If you have deployed the Solr server outside your firewall, follow the steps outlined in this topic to secure the WebSphere Application Server profile for HCL Compass full-text search and prevent unauthorized access to the search index.