Thanks Robert,

But do you also think limiting the page size inside a request handler is a
good solution for attackers? Honestly, I'm not sure if it's a good solution,
that doesn't save a server from attackers at all. Do you agree with me?

We are not security experts, just developers, but any suggestion from you
guys is appreciated.

thanks


On Tue, Nov 1, 2011 at 12:43 PM, Robert Stewart <bstewart...@gmail.com> wrote:

> You would need to set up request handlers in solrconfig.xml to limit what
> types of queries people can send to SOLR (and define things like max page
> size, etc).  You need to restrict people from sending update/delete
> commands as well.
>
> Then at the minimum, set up some proxy in front of SOLR that you actually
> expose to outside world, something like HAProxy, which you can probably
> configure for things like max concurrent requests, etc. in order to
> mitigate denial of service attacks.
>
>
> On Nov 1, 2011, at 12:22 PM, Alireza Salimi wrote:
>
> > Hi,
> >
> > I was wondering if it's a good idea to expose Solr to the outside world,
> > so that our clients running on smart phones will be able to use Solr.
> >
> > If we decide to do this, what are the security concerns about it?
> >
> > For example, someone suggested we should limit the number of
> > rows requested in order to mitigate the attack of huge result set,
> > but I personally don't think it's a great idea, because a hacker
> > can run multiple queries simultaneously.
> >
> > Is there any good reference for this purpose?
> >
> > Regards
> >
> > --
> > Alireza Salimi
> > Java EE Developer
>
>


-- 
Alireza Salimi
Java EE Developer
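
The two controls discussed in this thread (a page-size limit and a cap on concurrent requests at a proxy in front of Solr) cover different cases, so a gateway needs both. The sketch below is an added example, not code from the thread or from Solr or HAProxy; the `/solr/select` path, the limits and the `forward` callable are assumptions.

```python
import threading
from urllib.parse import parse_qs, urlencode, urlsplit

# All values below are assumptions for illustration, not settings from the thread.
ALLOWED_PATHS = {"/solr/select"}  # the only handler exposed; /update is not listed
MAX_ROWS = 50                     # largest page size a client may request
DEFAULT_ROWS = 10                 # used when the client sends no rows parameter
MAX_CONCURRENT = 2                # in-flight queries allowed at once (tiny for the demo)

_slots = threading.BoundedSemaphore(MAX_CONCURRENT)


def filter_request(method, url):
    """Return (status, rewritten_url); status 200 means safe to forward."""
    parts = urlsplit(url)
    if method != "GET" or parts.path not in ALLOWED_PATHS:
        return 403, None  # update/delete commands and unknown handlers stop here
    params = parse_qs(parts.query, keep_blank_values=True)
    try:
        # If rows is repeated, the last value wins and the duplicates are dropped.
        rows = int(params.get("rows", [str(DEFAULT_ROWS)])[-1])
    except ValueError:
        return 400, None
    if rows < 0:
        return 400, None
    params["rows"] = [str(min(rows, MAX_ROWS))]  # clamp the page size
    return 200, parts.path + "?" + urlencode(params, doseq=True)


def handle(method, url, forward):
    """Filter one request, then forward it only if a concurrency slot is free."""
    status, safe_url = filter_request(method, url)
    if status != 200:
        return status
    if not _slots.acquire(blocking=False):
        return 503  # many small queries at once are refused, not queued
    try:
        forward(safe_url)  # hypothetical callable that sends the request to Solr
        return 200
    finally:
        _slots.release()
```

The row clamp bounds the cost of a single query, while the semaphore bounds how many queries run at once, which is the case a row limit alone does not address.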
