Ethan,
It could be a mixed bag really from on/off campus to access to only certain buildings, laboratories inside of buildings down to individual IP addresses.
I do like the idea of abstracting the actual IP values using a value like you suggest. The ranges can be managed; grown or shrunk without having to reindex.
Thanks,
Chad
----- Original Message -----
From: "Ethan Gruber" <[log in to unmask]>
To: [log in to unmask]
Sent: Wednesday, January 7, 2015 11:55:38 AM
Subject: Re: [CODE4LIB] Restrict solr index results based on client IP
There are a few ways to do this, and yes, some version of #2 is desirable.
I think it may depend on how specific these IP addresses are. Do you
anticipate that one IP range may have access to X documents and a different
IP range may have access to Y documents, or will all IP ranges have access
to the same restricted documents (i.e., anyone on campus can access
everything). The former scenario requires IPs to stored in the Solr docs
and the second only requires a boolean field type, e.g. restricted =
yes/no. In fact, in the former scenario, you'd probably want to associate
the IP range with of key of some sort, e.g.
In the schema, have field name="group"
In your doc have the group field contain the value "medical_school". Then
somewhere in your application (not stored and indexed in Solr), you can say
that "medical_school" carries the ranges 192.168,1.*, 192.168.2.*, etc.
That way, if the medical school picks up a new IP range or the range
changes, you can make a minor update to your application without having to
reindex content in Solr.
Ethan
On Wed, Jan 7, 2015 at 11:41 AM, Chad Mills <[log in to unmask]> wrote:
> Hello,
>
> Basically I have a solr index where, at times, some of the results from a
> query will only be limited to a set of users based on their clients IP
> address. I have been thinking about accomplishing this in either two ways.
>
> 1) Post-processing the results for IP validity against an external data
> source and dropping out those results which are not valid. That could
> leave me with a portioned result list that would need another query to fill
> back in. Say I want 10 results, I end up dropping 2 of them, I need to
> fill back in those 2 by performing another query.
>
> 2) Making the IP permission check part of the query. Basically appending
> an AND in the query on a field that stores the permissible IP addresses.
> The index field would be set to allow all IPs to access the result by
> default, but at times can contain the allowable IP addresses or maybe even
> ranges somehow.
>
> Are there some other ways to accomplish this I haven't considered? Right
> now #2 sounds seems more desirable to me.
>
> Thanks in advance for your thoughts!
>
> --
> Chad Mills
> Digital Library Architect
> Ph: 848.932.5924
> Fax: 848.932.1386
> Cell: 732.309.8538
>
> Rutgers University Libraries
> Scholarly Communication Center
> Room 409D, Alexander Library
> 169 College Avenue, New Brunswick, NJ 08901
>
> https://rucore.libraries.rutgers.edu/
>
|