lucene-solr-user mailing list archives

From Shawn Heisey <>
Subject Re: Deliver static html content via solr
Date Tue, 09 Jan 2018 11:38:07 GMT
On 1/7/2018 1:30 PM, Rick Leir wrote:
> The easy solution is to put something like solr-security-proxy [1] in front of a Solr/Velocity
> app, and this is working for me. However, this has a blacklist for Solr parms and I think
> it should have a whitelist instead. Also, it does not check ranges or filter chars. Is this
> proxy adequate for use on the open internet? In particular, what character filtering should
> I add to it?

I don't have information like that readily available.  I would be 
worried with any proxy software that something important had been 
forgotten and would open the door to either changing the index or not 
blocking denial of service requests.

My recommendation is to never expose Solr to the Internet, or to anybody 
who is not responsible for its care.  There should always be some kind 
of front end server-side software that handles searching on behalf of 
the user.

Even with those precautions, clever users will probably be able to 
figure out how to send denial of service queries, but without direct 
access to Solr's API, it would not be as vulnerable.
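
The front-end approach recommended above, combined with the allowlist and range checks raised in the quoted question, as an added example that is not part of the original thread and not code from solr-security-proxy. The user-facing parameter names, the limits and the `date` sort field are assumptions chosen for illustration.

```python
from urllib.parse import parse_qs

# All names and limits below are assumptions chosen for the example.
MAX_QUERY_LEN, MAX_ROWS, MAX_START = 200, 50, 1000
ALLOWED = {"q", "rows", "start", "sort"}           # user-facing parameters
SORT_CHOICES = {"relevance": "score desc",
                "newest": "date desc"}             # "date" is a hypothetical field
LUCENE_SPECIAL = set('\\+-!(){}[]^"~*?:/&|')       # query-syntax characters


class RejectedRequest(ValueError):
    """Raised when a request falls outside the allowlist or its bounds."""


def escape_term(text):
    # Backslash-escape query syntax so user input is matched as plain text.
    return "".join("\\" + c if c in LUCENE_SPECIAL else c for c in text)


def bounded_int(raw, low, high, name):
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 6):
        raise RejectedRequest(f"{name} must be a non-negative integer")
    value = int(raw)
    if not low <= value <= high:
        raise RejectedRequest(f"{name} must be between {low} and {high}")
    return value


def build_solr_params(query_string):
    incoming = parse_qs(query_string, keep_blank_values=True)
    unknown = set(incoming) - ALLOWED
    if unknown:
        raise RejectedRequest(f"parameters not allowed: {sorted(unknown)}")
    if any(len(values) != 1 for values in incoming.values()):
        raise RejectedRequest("repeated parameters are not allowed")
    user = {name: values[0] for name, values in incoming.items()}
    q = user.get("q", "").strip()
    if not q or len(q) > MAX_QUERY_LEN or not q.isprintable():
        raise RejectedRequest("q must be 1-200 printable characters")
    if user.get("sort", "relevance") not in SORT_CHOICES:
        raise RejectedRequest("unknown sort option")
    # Everything sent to Solr is built here; nothing is passed through verbatim.
    return {
        "q": escape_term(q),
        "rows": bounded_int(user.get("rows", "10"), 1, MAX_ROWS, "rows"),
        "start": bounded_int(user.get("start", "0"), 0, MAX_START, "start"),
        "sort": SORT_CHOICES[user.get("sort", "relevance")],
        "defType": "edismax",
        "wt": "json",
    }
```

The returned dictionary is what the front end would send to Solr over a connection the public cannot reach; a `RejectedRequest` maps to an HTTP 400 for the user.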

