<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">

<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>

</head>

<body dir="ltr">

<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">

<p>Hey Rick,</p>

<p><br>

</p>

<p>Sure, I understand. But if the app is firewalled, this would probably not much of a threat, since only the ASpace webapps would be accessing Solr.</p>

<p><br>

</p>

<p>But, if you want to change this, you'll have to set the parameter in Jetty, if you're using the default jetty deployment ( and not something like Tomcat ).To do this, add this line to your launcher/launcher.rb file at line 44:</p>

<p><br>

</p>

<p>context.setInitParameter("org.eclipse.jetty.servlet.Default.dirAllowed","false") if webapp[:war].include?("solr.war")   <br>

</p>

<p><br>

</p>

<p><br>

</p>

<p>( That should all be one line, just in case it's getting wacked by the email formatting ).

</p>

<p>Then restart ASpace. This should cause a directory listing to respond with a 403.

</p>

<p><br>

</p>

<p>b,chris. <br>

</p>

<p><br>

</p>

<p>BTW, Solr doesn't really come with an security protection built-in, which they do by design since it's assumed you'll have an application in front of the index. So, if it's not firewalled, anyone can do stuff like delete your whole index...</p>

<p><br>

</p>

<p><br>

</p>

<div id="Signature">

<div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">

<div class="BodyFragment"><font size="2">

<div class="PlainText">Chris Fitzpatrick | <font size="2">Developer, ArchivesSpace</font><br>

Skype: chrisfitzpat  | Phone: 918.236.6048<br>

http://archivesspace.org/<br>

</div>

</font></div>

</div>

</div>

<div style="color: rgb(0, 0, 0);">

<hr tabindex="-1" style="display:inline-block; width:98%">

<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b> archivesspace_users_group-bounces@lyralists.lyrasis.org <archivesspace_users_group-bounces@lyralists.lyrasis.org> on behalf of Neal, Rick

 <rneal@richmond.edu><br>

<b>Sent:</b> Wednesday, June 3, 2015 3:21 PM<br>

<b>To:</b> Archivesspace Users Group<br>

<b>Subject:</b> [Archivesspace_Users_Group] Security question - Better description</font>

<div> </div>

</div>

<div>

<div style="">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D">Chris,</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D">I’m sorry, I really didn’t explain the problem well enough.</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D">It is true that if I go to: 

</span><span style="font-family:"Calibri","sans-serif"; color:#1F497D"><a style="color: blue; text-decoration: underline;" href="http://servername:8090">http://servername:8090</a> I see the Solr dashboard with no problem.</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D">However, if I add a subdirectory name at the end</span> (

<span style="font-family:"Calibri","sans-serif"; color:#1F497D"><a style="color: blue; text-decoration: underline;" href="http://servername:8090/css">http://servername:8090/css</a></span><span style="font-family:"Calibri","sans-serif"; color:#1F497D">/ ) or

 any of the other subdirectory names in the list below (except for WEB-INF or META-INF) I see the directory listing in the browser.  If I try to list the WEB-INF or META-INF subdirectories to the end of the url I get an:  HTTP ERROR 404, Problem accessing /WEB-INF/.

 Reason:  Not Found</span><span style="font-size:10.0pt; font-family:"Courier New""></span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D">[root@servername webapp]# pwd</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D">/usr/local/as/data/tmp/jetty-0.0.0.0-8090-solr.war-_-any-/webapp</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D">[root@servername webapp]# ls -altr</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D">total 44</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D">-rw-r--r-- 1 root root 1146 Sep 22  2012 favicon.ico</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D">-rw-r--r-- 1 root root 4930 Sep 22  2012 admin.html</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D">drwxr-xr-x 4 root root 4096 Jun  1 04:05 WEB-INF</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D">drwxr-xr-x 3 root root 4096 Jun  1 04:05 css</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D">drwxr-xr-x 8 root root 4096 Jun  1 04:05 .</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D">drwxr-xr-x 4 root root 4096 Jun  1 04:05 img</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D">drwxr-xr-x 4 root root 4096 Jun  1 04:05 js</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D">drwxr-xr-x 2 root root 4096 Jun  1 04:05 tpl</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D">drwxr-xr-x 2 root root 4096 Jun  1 04:05 META-INF</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D">drwxr-xr-x 3 root root 4096 Jun  1 04:05 ..</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D">My goal is to get the browser to stop listing the directory(s). 

</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D">Thanks again for your help with this.</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D">Rick</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<b><span style="font-size:24.0pt; color:#FC390E">Directory: /img/</span></b></p>

<table class="MsoNormalTable" border="0" cellpadding="0">

<tbody>

<tr>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i><a style="color: blue; text-decoration: underline;" href="http://metcalf.richmond.edu:8090/"><b><span style="color:#7036BE; font-style:normal; text-decoration:none">Parent Directory</span></b></a></i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in"></td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in"></td>

</tr>

<tr>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i><a style="color: blue; text-decoration: underline;" href="http://metcalf.richmond.edu:8090/img/ZeroClipboard.swf"><b><span style="color:#7036BE; font-style:normal; text-decoration:none">ZeroClipboard.swf </span></b></a></i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="text-align: right; margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";" align="right">

<i>1071 bytes </i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i>Sep 22, 2012 8:36:50 AM</i></p>

</td>

</tr>

<tr>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i><a style="color: blue; text-decoration: underline;" href="http://metcalf.richmond.edu:8090/img/chosen-sprite.png"><b><span style="color:#7036BE; font-style:normal; text-decoration:none">chosen-sprite.png </span></b></a></i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="text-align: right; margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";" align="right">

<i>559 bytes </i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i>Sep 22, 2012 8:36:50 AM</i></p>

</td>

</tr>

<tr>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i><a style="color: blue; text-decoration: underline;" href="http://metcalf.richmond.edu:8090/img/div.gif"><b><span style="color:#7036BE; font-style:normal; text-decoration:none">div.gif </span></b></a></i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="text-align: right; margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";" align="right">

<i>1093 bytes </i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i>Sep 22, 2012 8:36:50 AM</i></p>

</td>

</tr>

<tr>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i><a style="color: blue; text-decoration: underline;" href="http://metcalf.richmond.edu:8090/img/favicon.ico"><b><span style="color:#7036BE; font-style:normal; text-decoration:none">favicon.ico </span></b></a></i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="text-align: right; margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";" align="right">

<i>1146 bytes </i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i>Sep 22, 2012 8:36:50 AM</i></p>

</td>

</tr>

<tr>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i><a style="color: blue; text-decoration: underline;" href="http://metcalf.richmond.edu:8090/img/filetypes/"><b><span style="color:#7036BE; font-style:normal; text-decoration:none">filetypes/ </span></b></a></i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="text-align: right; margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";" align="right">

<i>4096 bytes </i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i>Jun 1, 2015 3:05:15 AM</i></p>

</td>

</tr>

<tr>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i><a style="color: blue; text-decoration: underline;" href="http://metcalf.richmond.edu:8090/img/ico/"><b><span style="color:#7036BE; font-style:normal; text-decoration:none">ico/ </span></b></a></i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="text-align: right; margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";" align="right">

<i>4096 bytes </i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i>Jun 1, 2015 3:05:15 AM</i></p>

</td>

</tr>

<tr>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i><a style="color: blue; text-decoration: underline;" href="http://metcalf.richmond.edu:8090/img/loader-light.gif"><b><span style="color:#7036BE; font-style:normal; text-decoration:none">loader-light.gif </span></b></a></i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="text-align: right; margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";" align="right">

<i>1849 bytes </i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i>Sep 22, 2012 8:36:50 AM</i></p>

</td>

</tr>

<tr>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i><a style="color: blue; text-decoration: underline;" href="http://metcalf.richmond.edu:8090/img/loader.gif"><b><span style="color:#7036BE; font-style:normal; text-decoration:none">loader.gif </span></b></a></i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="text-align: right; margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";" align="right">

<i>1553 bytes </i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i>Sep 22, 2012 8:36:50 AM</i></p>

</td>

</tr>

<tr>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i><a style="color: blue; text-decoration: underline;" href="http://metcalf.richmond.edu:8090/img/lucene-ico.png"><b><span style="color:#7036BE; font-style:normal; text-decoration:none">lucene-ico.png </span></b></a></i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="text-align: right; margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";" align="right">

<i>1508 bytes </i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i>Sep 22, 2012 8:36:50 AM</i></p>

</td>

</tr>

<tr>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i><a style="color: blue; text-decoration: underline;" href="http://metcalf.richmond.edu:8090/img/solr-ico.png"><b><span style="color:#7036BE; font-style:normal; text-decoration:none">solr-ico.png </span></b></a></i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="text-align: right; margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";" align="right">

<i>1146 bytes </i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i>Sep 22, 2012 8:36:50 AM</i></p>

</td>

</tr>

<tr>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i><a style="color: blue; text-decoration: underline;" href="http://metcalf.richmond.edu:8090/img/solr.png"><b><span style="color:#7036BE; font-style:normal; text-decoration:none">solr.png </span></b></a></i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="text-align: right; margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";" align="right">

<i>7926 bytes </i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i>Sep 22, 2012 8:36:50 AM</i></p>

</td>

</tr>

<tr>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i><a style="color: blue; text-decoration: underline;" href="http://metcalf.richmond.edu:8090/img/tree.png"><b><span style="color:#7036BE; font-style:normal; text-decoration:none">tree.png </span></b></a></i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="text-align: right; margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";" align="right">

<i>1112 bytes </i></p>

</td>

<td style="padding:1.5pt 11.25pt 1.5pt 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<i>Sep 22, 2012 8:36:50 AM</i></p>

</td>

</tr>

</tbody>

</table>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

 </p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>

<div>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D">~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D">Rick Neal</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D">Library Applications and Systems Administrator</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D">Boatwright Memorial Library</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D">University of Richmond, VA 23173</span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D">rneal@richmond.edu</span></p>

</div>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span></p>

<div>

<div style="border:none; border-top:solid #B5C4DF 1.0pt; padding:3.0pt 0in 0in 0in">

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<b><span style="font-size:10.0pt; font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt; font-family:"Tahoma","sans-serif""> archivesspace_users_group-bounces@lyralists.lyrasis.org [mailto:archivesspace_users_group-bounces@lyralists.lyrasis.org]

<b>On Behalf Of </b>Chris Fitzpatrick<br>

<b>Sent:</b> Wednesday, June 03, 2015 6:41 AM<br>

<b>To:</b> Archivesspace Users Group<br>

<b>Subject:</b> Re: [Archivesspace_Users_Group] Security question</span></p>

</div>

</div>

<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

 </p>

<div id="divtagdefaultwrapper">

<p style="background:white"><span style="font-family:"Calibri","sans-serif"; color:black">Hi Rick,</span></p>

<p style="background:white"><span style="font-family:"Calibri","sans-serif"; color:black"> </span></p>

<p style="background:white"><span style="font-family:"Calibri","sans-serif"; color:black">I think this would be a false positive, since it's the Solr index that runs on port 8090.

</span></p>

<p style="background:white"><span style="font-family:"Calibri","sans-serif"; color:black"> </span></p>

<p style="background:white"><span style="font-family:"Calibri","sans-serif"; color:black">However, its strongly recommend that Solr be firewalled off so that the only clients accessing it are your own. That means only allowing access from whatever host your

 backend, frontend, public, and indexer are running on. </span></p>

<p style="background:white"><span style="font-family:"Calibri","sans-serif"; color:black"> </span></p>

<p style="background:white"><span style="font-family:"Calibri","sans-serif"; color:black">b,chris.

</span></p>

<p style="background:white"><span style="font-family:"Calibri","sans-serif"; color:black"> </span></p>

<div id="Signature">

<div name="divtagdefaultwrapper">

<div>

<div>

<p style="background: white none repeat scroll 0% 0%; margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-size:10.0pt; font-family:"Calibri","sans-serif"; color:black">Chris Fitzpatrick | Developer, ArchivesSpace<br>

Skype: chrisfitzpat  | Phone: 918.236.6048<br>

<a id="LPNoLP" style="color: blue; text-decoration: underline;" href="http://archivesspace.org/">http://archivesspace.org/</a></span></p>

</div>

</div>

</div>

</div>

<div>

<div style="text-align: center; background: white none repeat scroll 0% 0%; margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";" align="center">

<span style="font-family:"Calibri","sans-serif"; color:black">

<hr align="center" size="2" width="98%">

</span></div>

<div id="divRplyFwdMsg">

<p style="background: white none repeat scroll 0% 0%; margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<b><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black">From:</span></b><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:black">

<a style="color: blue; text-decoration: underline;" href="mailto:archivesspace_users_group-bounces@lyralists.lyrasis.org">

archivesspace_users_group-bounces@lyralists.lyrasis.org</a> <<a style="color: blue; text-decoration: underline;" href="mailto:archivesspace_users_group-bounces@lyralists.lyrasis.org">archivesspace_users_group-bounces@lyralists.lyrasis.org</a>> on behalf of

 Neal, Rick <<a style="color: blue; text-decoration: underline;" href="mailto:rneal@richmond.edu">rneal@richmond.edu</a>><br>

<b>Sent:</b> Tuesday, June 2, 2015 9:49 PM<br>

<b>To:</b> Archivesspace Users Group<br>

<b>Subject:</b> [Archivesspace_Users_Group] Security question</span><span style="font-family:"Calibri","sans-serif"; color:black">

</span></p>

<div>

<p style="background: white none repeat scroll 0% 0%; margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman","serif";">

<span style="font-family:"Calibri","sans-serif"; color:black"> </span></p>

</div>

</div>

<div>

<div>

<p style="background:white"><span style="font-family:"Calibri","sans-serif"; color:#1F497D">Hello All,</span><span style="color:black"></span></p>

<p style="background:white"><span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span><span style="color:black"></span></p>

<p style="background:white"><span style="font-family:"Calibri","sans-serif"; color:#1F497D">I am running a security scan on our Archivesspace test server and received a notice that I have a ‘Browsable web directory’.</span><span style="color:black"></span></p>

<p style="background:white"><span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span><span style="color:black"></span></p>

<p style="background:white"><span style="font-family:"Calibri","sans-serif"; color:#1F497D">I have removed ‘Indexes’ from the httpd.conf file but the directory is still browsable on

<a style="color: blue; text-decoration: underline;" href="http://servername:8090">

http://servername:8090</a>.  </span><span style="color:black"></span></p>

<p style="background:white"><span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span><span style="color:black"></span></p>

<p style="background:white"><span style="font-family:"Calibri","sans-serif"; color:#1F497D">Any thoughts on how to stop this from occurring would be appreciated.</span><span style="color:black"></span></p>

<p style="background:white"><span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span><span style="color:black"></span></p>

<p style="background:white"><span style="font-family:"Calibri","sans-serif"; color:#1F497D">Thanks,</span><span style="color:black"></span></p>

<p style="background:white"><span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span><span style="color:black"></span></p>

<p style="background:white"><span style="font-family:"Calibri","sans-serif"; color:#1F497D">Rick</span><span style="color:black"></span></p>

<p style="background:white"><span style="font-family:"Calibri","sans-serif"; color:#1F497D"> </span><span style="color:black"></span></p>

<div>

<p style="background:white"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D">~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</span><span style="color:black"></span></p>

<p style="background:white"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D">Rick Neal</span><span style="color:black"></span></p>

<p style="background:white"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D">Library Applications and Systems Administrator</span><span style="color:black"></span></p>

<p style="background:white"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D">Boatwright Memorial Library</span><span style="color:black"></span></p>

<p style="background:white"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D">University of Richmond, VA 23173</span><span style="color:black"></span></p>

<p style="background:white"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D"> </span><span style="color:black"></span></p>

<p style="background:white"><span style="font-size:11.0pt; font-family:"Calibri","sans-serif"; color:#1F497D"><a style="color: blue; text-decoration: underline;" href="mailto:rneal@richmond.edu">rneal@richmond.edu</a></span><span style="color:black"></span></p>

</div>

<div id="divtagdefaultwrapper">

<div>

<div>

<div>

<div>

<p style="background:white"><span style="font-size:10.0pt; font-family:"Georgia","serif"; color:black"> </span><span style="color:black"></span></p>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</body>

</html>