Apache Solr endpoint
Description
Apache Solr is an open-source enterprise search platform, built on Apache Lucene, that provides full-text search, indexing, and data retrieval. This finding identifies a Solr endpoint that accepts unauthenticated requests, allowing anyone who can reach it to run search queries against the indexed cores or collections and read the results.
Solr endpoints are meant to be queried by applications, so reachability alone is not a defect. It becomes a security concern when the index holds sensitive, confidential, or otherwise non-public data, because every query handler returns that data to whoever can connect. Solr ships with authentication disabled, so an endpoint reachable without credentials also typically exposes the Admin UI and the core, collection, config and update APIs, which allow index contents and configuration to be changed, not just read. Rate the risk by the sensitivity of the indexed data and by whether these administrative and write handlers are reachable as well.
Remediation
Evaluate the sensitivity of data indexed in Solr and implement appropriate access controls:
1. Assess Data Sensitivity: Review all data indexed by Solr to determine if it contains sensitive or confidential information that requires protection.
2. Implement Authentication: Restrict access to authenticated, authorized users. Solr ships authentication plugins (Basic, Kerberos, JWT/OIDC) that are configured through security.json; Solr does not ship an LDAP plugin, so integrate with LDAP or Active Directory via Kerberos or an authenticating reverse proxy in front of Solr.
3. Network-Level Restrictions: Limit access to the Solr endpoint (TCP 8983 by default) with firewall rules, IP allow-listing, or VPN requirements. Ensure the endpoint is not directly reachable from the public internet unless that is an explicit requirement.
4. Web Server Access Controls: If Solr sits behind a reverse proxy (Apache httpd, Nginx), restrict access at the proxy, and bind Solr itself to the loopback interface (SOLR_JETTY_HOST=127.0.0.1 in solr.in.sh; recent releases default to this, older ones listen on all interfaces) so that port 8983 cannot be reached directly and the proxy rule cannot be bypassed:
# Example Nginx configuration (10.0.0.0/8 stands in for your internal range)
location /solr/ {
    allow 10.0.0.0/8;   # internal network only
    deny  all;          # everyone else receives 403
    proxy_pass http://127.0.0.1:8983;
}
5. Enable Solr Security: Define authentication and authorization plugins in security.json (placed in $SOLR_HOME for standalone mode, or uploaded to ZooKeeper as /security.json for SolrCloud) as described in the official Solr Security documentation. Set "blockUnknown": true so that requests without credentials are rejected outright instead of falling through to handlers that no permission rule covers.
6. Regular Audits: Periodically review access logs and indexed content to ensure no sensitive data is inadvertently exposed.
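A minimal security.json for step 5, added here as an example and not taken from the finding or from the Solr project. The `solr` credential is the hash of the password `SolrRocks` that the Solr reference guide uses in its examples and must be replaced before use; the `searcher` user, its placeholder hash, and the `products` collection name are assumptions for illustration.

```json
{
  "authentication": {
    "class": "solr.BasicAuthPlugin",
    "blockUnknown": true,
    "realm": "Solr",
    "forwardCredentials": false,
    "credentials": {
      "solr": "IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c=",
      "searcher": "<sha256-hash> <base64-salt>"
    }
  },
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [
      {"name": "read", "collection": "products", "role": "searcher"},
      {"name": "security-edit", "role": "admin"},
      {"name": "all", "role": "admin"}
    ],
    "user-role": {
      "solr": "admin",
      "searcher": "searcher"
    }
  }
}
```

Permission rules are evaluated in order and the first match decides, so the narrow `read` rule must come before the catch-all `all`, or searchers would be denied. Rather than hand-editing hashes, enable the plugin with the `solr` account and then create application users through the Authentication API (`set-user`), which generates the salted hash for you. After Solr reloads the file, an unauthenticated request to /solr/admin/cores should return HTTP 401, and a `searcher` login should be able to query `products` but not create cores or edit security settings.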
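To support steps 1 and 6, and to confirm that the remediation took effect, the following script probes a Solr base URL without credentials, lists the cores an anonymous client can see, counts their documents and flags field names that look sensitive. It is an added example for this finding, not code from the finding template or from Solr itself, and uses only the standard library. The sample responses embedded at the top are constructed so the parsing functions run offline; the field-name patterns are an assumption to be tuned to your data.

```python
"""Unauthenticated exposure probe for an Apache Solr endpoint.

Added example for this finding; not code from the finding template or from
the Solr project. Standard library only.
"""
import json
import re
import sys
import urllib.error
import urllib.request

# Field-name fragments that usually indicate sensitive data.
# Assumption: tune this list to the data actually indexed.
SENSITIVE_PATTERNS = [
    r"ssn", r"social", r"passw", r"secret", r"token", r"api_?key",
    r"credit|card", r"iban|account_?(no|num)", r"dob|birth",
    r"email", r"phone", r"address", r"salary",
]
_SENSITIVE_RE = re.compile("|".join(SENSITIVE_PATTERNS), re.IGNORECASE)

# Constructed sample responses, shaped like Solr's JSON output, so the
# parsing functions can be exercised without a live server.
SAMPLE_STATUS = {"responseHeader": {"status": 0},
                 "status": {"products": {"name": "products"},
                            "customers": {"name": "customers"}}}
SAMPLE_LUKE = {"fields": {"id": {"type": "string"}, "name_s": {"type": "string"},
                          "email_s": {"type": "string"}, "ssn_s": {"type": "string"},
                          "city_s": {"type": "string"}, "_version_": {"type": "plong"}}}
SAMPLE_SELECT = {"response": {"numFound": 48213, "start": 0, "docs": []}}


def cores_from_status(payload):
    """Core names from a /solr/admin/cores?action=STATUS&wt=json response."""
    return sorted((payload.get("status") or {}).keys())


def flag_sensitive_fields(luke_payload):
    """Field names in a /solr/<core>/admin/luke?wt=json response that look sensitive."""
    fields = luke_payload.get("fields") or {}
    return sorted(name for name in fields if _SENSITIVE_RE.search(name))


def num_found(select_payload):
    """numFound from a /solr/<core>/select?q=*:*&rows=0&wt=json response."""
    return int((select_payload.get("response") or {}).get("numFound", 0))


def verdict(status_code):
    """Classify the HTTP status an unauthenticated request received."""
    if status_code == 200:
        return "OPEN"
    if status_code in (401, 403):
        return "PROTECTED"
    return "UNKNOWN"


def _get_json(url, timeout):
    """GET url without credentials; return (status, parsed JSON or None)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as exc:
        return exc.code, None


def probe(base_url, timeout=10):
    """Report what an anonymous client can reach under base_url (e.g. http://host:8983/solr)."""
    base_url = base_url.rstrip("/")
    code, status = _get_json(f"{base_url}/admin/cores?action=STATUS&wt=json", timeout)
    report = {"core_admin": verdict(code), "cores": {}}
    for core in cores_from_status(status or {}):
        sel_code, sel = _get_json(f"{base_url}/{core}/select?q=*:*&rows=0&wt=json", timeout)
        _, luke = _get_json(f"{base_url}/{core}/admin/luke?wt=json", timeout)
        report["cores"][core] = {
            "search": verdict(sel_code),
            "docs": num_found(sel or {}),
            "sensitive_fields": flag_sensitive_fields(luke or {}),
        }
    return report


def demo():
    """Run the parsers over the constructed samples (no network needed)."""
    return {
        "cores": cores_from_status(SAMPLE_STATUS),
        "sensitive": flag_sensitive_fields(SAMPLE_LUKE),
        "docs": num_found(SAMPLE_SELECT),
    }


if __name__ == "__main__":
    # Usage: python solr_probe.py http://solr.internal:8983/solr
    if len(sys.argv) > 1:
        print(json.dumps(probe(sys.argv[1]), indent=2))
    else:
        print(json.dumps(demo(), indent=2))
```

Run it against the finding's endpoint before remediation to record which cores, document counts and field names are exposed, and again afterwards: every verdict should read PROTECTED and the core list should be empty, because the STATUS call itself is refused. A PROTECTED core-admin verdict with OPEN search verdicts means authorization rules cover the admin API but a collection is still readable anonymously, which is exactly the case "blockUnknown": true is meant to close.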