connectors installed on-premise should only be accessible to the frevvo server, i.e. at http://localhost:8983/, and should not be remotely accessible. Most customers don't allow external HTTP access to the server (only HTTPS), and only allowing HTTPS access to the server, not external HTTP access, is recommended. Since the connector(s) are not exposed over HTTPS, the remote code execution vulnerability can be mitigated (a remote attacker cannot exploit this vulnerability as it is not exposed). Another option to enhance connector security is to block external access to port 8983, for example using firewall rules.
If you choose to allow external HTTP, you should only allow requests with paths starting with /frevvo for port 8082 (or the port you are using for and the Connector(s)).
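The rule above, written as a filter decision. This is an added example, not code from frevvo or its documentation. It shows that the path must be canonicalized before the /frevvo prefix is compared. The function names and sample paths are hypothetical; only the ports and the /frevvo prefix come from the text.

```python
import posixpath
from urllib.parse import unquote

SERVER_PORT = 8082        # from the page: port that may serve /frevvo externally
CONNECTOR_PORT = 8983     # from the page: connector port, local access only
ALLOWED_PREFIX = "/frevvo"

def canonical_path(target):
    """Return the normalized path of a request target, or None if ambiguous."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(3):                 # undo nested percent-encoding (%252e -> .)
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        return None                    # still changing after 3 rounds: reject
    # Conservative: reject characters that proxies and back ends parse differently.
    if not path.startswith("/") or any(c in path for c in "\\;\x00"):
        return None
    return posixpath.normpath(path)    # collapses "." and ".." segments

def is_allowed(port, target, external=True):
    """Decide whether a request may be forwarded, per the policy above."""
    if not external:
        return True                    # the frevvo server itself, via localhost
    if port != SERVER_PORT:
        return False                   # includes the connector port 8983
    path = canonical_path(target)
    return path is not None and (
        path == ALLOWED_PREFIX or path.startswith(ALLOWED_PREFIX + "/"))

# Constructed sample requests (port, target); the paths are illustrative only.
SAMPLES = [
    (8082, "/frevvo/web/login"),
    (8082, "/frevvoX/web/login"),
    (8082, "/frevvo/%2e%2e/other/app"),
    (8983, "/frevvo/web/login"),
]

if __name__ == "__main__":
    for port, target in SAMPLES:
        print(port, target, "ALLOW" if is_allowed(port, target) else "DENY")
```

A plain string prefix match would accept the second and third samples; matching on the canonical path with a segment boundary denies both.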
See also Database Connector Security.