<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p>Hi Rick,</p>
<p><br>
</p>
<p>I think this would be a false positive, since it's the Solr index that runs on port 8090.
</p>
<p><br>
</p>
<p>However, its strongly recommend that Solr be firewalled off so that the only clients accessing it are your own. That means only allowing access from whatever host your backend, frontend, public, and indexer are running on.
</p>
<p><br>
</p>
<p>b,chris. <br>
</p>
<p><br>
</p>
<div id="Signature">
<div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">
<div class="BodyFragment"><font size="2">
<div class="PlainText">Chris Fitzpatrick | <font size="2">Developer, ArchivesSpace</font><br>
Skype: chrisfitzpat | Phone: 918.236.6048<br>
http://archivesspace.org/<br>
</div>
</font></div>
</div>
</div>
<div style="color: rgb(0, 0, 0);">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b> archivesspace_users_group-bounces@lyralists.lyrasis.org <archivesspace_users_group-bounces@lyralists.lyrasis.org> on behalf of Neal, Rick
<rneal@richmond.edu><br>
<b>Sent:</b> Tuesday, June 2, 2015 9:49 PM<br>
<b>To:</b> Archivesspace Users Group<br>
<b>Subject:</b> [Archivesspace_Users_Group] Security question</font>
<div> </div>
</div>
<div>
<div style="">
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">
<span style="font-family:"Calibri","sans-serif"; color:#1F497D">Hello All,</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">
<span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">
<span style="font-family:"Calibri","sans-serif"; color:#1F497D">I am running a security scan on our Archivesspace test server and received a notice that I have a ‘Browsable web directory’.</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">
<span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">
<span style="font-family:"Calibri","sans-serif"; color:#1F497D">I have removed ‘Indexes’ from the httpd.conf file but the directory is still browsable on
<a style="color: blue; text-decoration: underline;" href="http://servername:8090">
http://servername:8090</a>. </span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">
<span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">
<span style="font-family:"Calibri","sans-serif"; color:#1F497D">Any thoughts on how to stop this from occurring would be appreciated.</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">
<span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">
<span style="font-family:"Calibri","sans-serif"; color:#1F497D">Thanks,</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">
<span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">
<span style="font-family:"Calibri","sans-serif"; color:#1F497D">Rick</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">
<span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>
<div>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">
<span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D">~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">
<span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D">Rick Neal</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">
<span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D">Library Applications and Systems Administrator</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">
<span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D">Boatwright Memorial Library</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">
<span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D">University of Richmond, VA 23173</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">
<span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">
<span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D">rneal@richmond.edu</span></p>
</div>
<div id="divtagdefaultwrapper">
<div>
<div>
<div>
<div>
<p style="background: white none repeat scroll 0% 0%; margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">
<span style="font-size:10.0pt; font-family:"Georgia","serif"; color:black"> </span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>