Solr Credentials
Service Name: Apache Solr
Service Description: Apache Solr is an open-source enterprise search platform built on Apache Lucene. It provides distributed indexing, replication, load-balanced querying, automated failover and recovery, centralized configuration, and more. Solr powers the search and navigation features of many large internet sites.
Service Address: https://solr.apache.org/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured through Solr security plugins and firewall rules at the server level.
Secret Access Scope: Grants access to Solr instances, allowing operations such as querying, indexing, administration, and configuration management depending on the permission level of the credentials.
Secret Revokement URL: Does not exist (managed through Solr's security configuration files)
Secret Example: username:password or solr-admin:S0lr@dm1n2023!
Suspicious Activity Investigation Instructions:
- Review Solr logs for unusual query patterns or high volumes of requests
- Check for unauthorized schema modifications or collection creation
- Monitor for unusual data indexing operations or bulk deletions
- Examine access logs for connections from unexpected IP addresses
- Look for attempts to access the Solr admin interface from unauthorized sources
- Check for unusual JMX operations if JMX is enabled
Mitigation Instructions:
- Change the compromised credentials immediately in Solr's security
configuration
- Update the security.json file with new credentials
- Restart the Solr service to apply the security changes
- Consider implementing or updating Solr's authentication plugins (Basic
Authentication, JWT, Kerberos)
- Enable request logging to track future access attempts
- Implement IP filtering to restrict access to trusted networks only
- Consider setting up a reverse proxy in front of Solr for additional security
- Review and update your Solr security configuration to follow best practices