限制Jetty和Solr的IP地址 [英] Restricting IP addresses for Jetty and Solr
问题描述
我正在使用Jetty设置Solr。我想限制只访问几个IP地址。使用Jetty可以做到这一点似乎并不明显。是否有可能,如果是,如何?
I'm setting up Solr using Jetty. I would like to restrict access to only a few IP addresses. It doesn't seem immediately obvious that this can be done using Jetty. Is it possible and if so, how?
推荐答案
Solr 4.2.1使用Jetty 8.1.8。 Jetty 8(由jonas789指出)不支持.htaccess。相反,它使用IPAccessHandler,它没有很好的文档。为了让它起作用,我不得不玩它很多,所以我在这里发布了一个更新的解决方案。
Solr 4.2.1 uses Jetty 8.1.8. Jetty 8 (as noted by jonas789) doesn't support .htaccess. Instead, it uses IPAccessHandler, which doesn't have great documentation available. I had to play with it quite a bit to get it work, so I'm posting an updated solution here.
IPAccessHandler 管理黑名单和白名单,接受任意范围的IP,以及支持将特定的URI路径附加到每个white / black -list条目。 IPAccessHandler也是HandlerWrapper的子类,后来证明这很重要。
IPAccessHandler manages a blacklist and a whitelist, accepts arbitrary ranges of IPs, and supports attaching specific URI paths to each white/black -list entry. IPAccessHandler also subclasses HandlerWrapper, which turns out to be important.
solr app仍然存在于WebAppContext中(如在Lyndsay的解决方案中),但是WebAppContext现在由一个ContextHandler,驻留在ContextHandlerCollection中,占用服务器中的第一个处理程序槽。要阻止来自错误IP的请求进入应用程序,我们需要将其包含在沿该路径某处的IPAccessHandler内。 IPAccessHandler在错误的位置表现得很奇怪:我尝试在上下文处理程序之前插入它它给了403 Forbidden到错误的机器,抛出NullPointerException发脾气而没有其他错误消息,各种废话。我终于通过在服务器级别包装ContextHandlerCollection本身来实现它。
The solr app still lives in a WebAppContext (as in Lyndsay's solution), but a WebAppContext is now governed by a ContextHandler, which resides in a ContextHandlerCollection occupying the first handler slot in the server. To stop requests from the wrong IP from getting to the app, we need to wrap it inside an IPAccessHandler somewhere along that path. IPAccessHandler behaves oddly if it's in the wrong spot: I tried inserting it before the context handlers and it gave 403 Forbidden to the wrong machines, threw NullPointerException tantrums with no additional error messages, all sorts of nonsense. I finally got it to work by wrapping the ContextHandlerCollection itself, at the server level.
转到 etc / jetty.xml 并滚动到处理程序部分。然后包装现有的ContextHandlerCollection项,如下所示:
Go to etc/jetty.xml and scroll to the handlers section. Then wrap the existing ContextHandlerCollection item as follows:
<!-- =========================================================== -->
<!-- Set handler Collection Structure -->
<!-- =========================================================== -->
<Set name="handler">
<New id="Handlers" class="org.eclipse.jetty.server.handler.HandlerCollection">
<Set name="handlers">
<Array type="org.eclipse.jetty.server.Handler">
<Item>
<!-- here begins the new stuff -->
<New class="org.eclipse.jetty.server.handler.IPAccessHandler">
<Call name="addWhite">
<Arg>xxx.xxx.xxx.xxx</Arg>
</Call>
<Set name="handler">
<!-- here's where you put what was there before: -->
<New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection"/>
</Set>
</New>
<!-- here ends the new stuff -->
</Item>
<Item>
<New id="DefaultHandler" class="org.eclipse.jetty.server.handler.DefaultHandler"/>
</Item>
<Item>
<New id="RequestLog" class="org.eclipse.jetty.server.handler.RequestLogHandler"/>
</Item>
</Array>
</Set>
</New>
</Set>
资源:
- http://comments.gmane.org/gmane.comp.java.jetty.support / 6066
- http://wiki.eclipse.org/Jetty#Configuration_Reference
- http://wiki.eclipse.org/Jetty /Reference/jetty.xml_syntax
- http://download.eclipse.org/jetty/stable-8/apidocs/org/eclipse/jetty/server/handler/IPAccessHandler.html
- http://comments.gmane.org/gmane.comp.java.jetty.support/6066
- http://wiki.eclipse.org/Jetty#Configuration_Reference
- http://wiki.eclipse.org/Jetty/Reference/jetty.xml_syntax
- http://download.eclipse.org/jetty/stable-8/apidocs/org/eclipse/jetty/server/handler/IPAccessHandler.html
这篇关于限制Jetty和Solr的IP地址的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
