限制 Jetty 和 Solr 的 IP 地址 [英] Restricting IP addresses for Jetty and Solr
问题描述
我正在使用 Jetty 设置 Solr.我想限制对几个 IP 地址的访问.使用 Jetty 可以做到这一点似乎并不明显.有可能吗?如果有,怎么做?
I'm setting up Solr using Jetty. I would like to restrict access to only a few IP addresses. It doesn't seem immediately obvious that this can be done using Jetty. Is it possible and if so, how?
推荐答案
Solr 4.2.1 使用 Jetty 8.1.8.Jetty 8(如 jonas789 所述)不支持 .htaccess.相反,它使用 IPAccessHandler,它没有很好的文档可用.我不得不玩了很久才能让它工作,所以我在这里发布了一个更新的解决方案.
Solr 4.2.1 uses Jetty 8.1.8. Jetty 8 (as noted by jonas789) doesn't support .htaccess. Instead, it uses IPAccessHandler, which doesn't have great documentation available. I had to play with it quite a bit to get it work, so I'm posting an updated solution here.
IPAccessHandler管理黑名单和白名单,接受任意范围的 IP,并支持将特定的 URI 路径附加到每个白/黑名单条目.IPAccessHandler 还继承了 HandlerWrapper,这很重要.
IPAccessHandler manages a blacklist and a whitelist, accepts arbitrary ranges of IPs, and supports attaching specific URI paths to each white/black -list entry. IPAccessHandler also subclasses HandlerWrapper, which turns out to be important.
solr 应用程序仍然存在于 WebAppContext(如 Lyndsay 的解决方案中)中,但 WebAppContext 现在由 ContextHandler 管理,后者驻留在 ContextHandlerCollection 中,占据服务器中的第一个处理程序槽.为了阻止来自错误 IP 的请求到达应用程序,我们需要将它包装在沿该路径某处的 IPAccessHandler 中.如果 IPAccessHandler 位于错误的位置,它的行为会很奇怪:我尝试在上下文处理程序之前插入它,它给错误的机器提供了 403 Forbidden,抛出 NullPointerException 大发脾气,没有额外的错误消息,各种各样的废话.我最终通过在服务器级别包装 ContextHandlerCollection 本身使其工作.
The solr app still lives in a WebAppContext (as in Lyndsay's solution), but a WebAppContext is now governed by a ContextHandler, which resides in a ContextHandlerCollection occupying the first handler slot in the server. To stop requests from the wrong IP from getting to the app, we need to wrap it inside an IPAccessHandler somewhere along that path. IPAccessHandler behaves oddly if it's in the wrong spot: I tried inserting it before the context handlers and it gave 403 Forbidden to the wrong machines, threw NullPointerException tantrums with no additional error messages, all sorts of nonsense. I finally got it to work by wrapping the ContextHandlerCollection itself, at the server level.
转到 etc/jetty.xml 并滚动到处理程序部分.然后将现有的 ContextHandlerCollection 项包装如下:
Go to etc/jetty.xml and scroll to the handlers section. Then wrap the existing ContextHandlerCollection item as follows:
<!-- =========================================================== -->
<!-- Set handler Collection Structure -->
<!-- =========================================================== -->
<Set name="handler">
<New id="Handlers" class="org.eclipse.jetty.server.handler.HandlerCollection">
<Set name="handlers">
<Array type="org.eclipse.jetty.server.Handler">
<Item>
<!-- here begins the new stuff -->
<New class="org.eclipse.jetty.server.handler.IPAccessHandler">
<Call name="addWhite">
<Arg>xxx.xxx.xxx.xxx</Arg>
</Call>
<Set name="handler">
<!-- here's where you put what was there before: -->
<New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection"/>
</Set>
</New>
<!-- here ends the new stuff -->
</Item>
<Item>
<New id="DefaultHandler" class="org.eclipse.jetty.server.handler.DefaultHandler"/>
</Item>
<Item>
<New id="RequestLog" class="org.eclipse.jetty.server.handler.RequestLogHandler"/>
</Item>
</Array>
</Set>
</New>
</Set>
资源:
- http://comments.gmane.org/gmane.comp.java.jetty.support/6066
- http://wiki.eclipse.org/Jetty#Configuration_Reference
- http://wiki.eclipse.org/Jetty/Reference/jetty.xml_syntax莉>
- http://download.eclipse.org/jetty/stable-8/apidocs/org/eclipse/jetty/server/handler/IPAccessHandler.html
这篇关于限制 Jetty 和 Solr 的 IP 地址的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
