We do this all the time, whitelisting only the read-only search endpoints we want to support and disallowing excessively large paging.
Here is a template for an nginx Solr proxy. The README describes more of our philosophy: https://github.com/o19s/solr_nginx

On Friday, December 25, 2015, Eric Dain <ericdai...@gmail.com> wrote:

> Hi all,
>
> Does allowing JavaScript direct access to SolrCloud raise security concerns?
> Should I build a REST service in between?
>
> I need to provide async search capability to web pages. The pages will be
> public with no authentication.
>
> Happy searching,
> Eric

--
Doug Turnbull | Search Relevance Consultant | OpenSource Connections <http://opensourceconnections.com>, LLC | 240.476.9983
Author: Relevant Search <http://manning.com/turnbull>
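
The policy described in the reply above (allow only read-only search endpoints, cap paging), written out as an added Python example; it is not part of the original message or of the linked solr_nginx repository. The collection name `products`, the limits and the parameter allowlist are assumptions, and the parameter allowlist goes beyond the two rules the reply names.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed policy values (not from the original message or the linked repository).
ALLOWED_PATHS = {"/solr/products/select"}   # hypothetical collection name
ALLOWED_PARAMS = {"q", "fq", "fl", "sort", "start", "rows", "wt"}
MAX_ROWS = 100      # largest page size forwarded to Solr
MAX_START = 1000    # deepest paging offset forwarded to Solr


def check_request(method: str, url: str) -> tuple[bool, str]:
    """Return (allowed, reason) for a request the proxy is about to forward."""
    if method != "GET":
        return False, "method not allowed"
    parts = urlsplit(url)
    # Exact match only, no prefix matching: update and admin handlers
    # are never forwarded because they are simply not in the set.
    if parts.path not in ALLOWED_PATHS:
        return False, "path not allowed"
    seen = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl percent-decodes names, so the check sees the name Solr would see.
        if name not in ALLOWED_PARAMS:
            return False, f"parameter not allowed: {name}"
        # Repeated filter queries are normal; any other repeat is ambiguous.
        if name in seen and name != "fq":
            return False, f"duplicate parameter: {name}"
        seen.add(name)
        if name in ("start", "rows"):
            limit = MAX_START if name == "start" else MAX_ROWS
            # Plain ASCII digits only, bounded length, then the numeric cap.
            valid = value.isascii() and value.isdigit() and len(value) <= 6
            if not valid or int(value) > limit:
                return False, f"{name} out of range"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        ("GET", "/solr/products/select?q=shoes&rows=10&start=0"),
        ("GET", "/solr/products/select?q=shoes&rows=100000"),
        ("GET", "/solr/products/update?commit=true"),
    ]
    for method, url in samples:
        print(method, url, "->", check_request(method, url))
```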