I once had to deal with a severe performance problem caused by a bot that was requesting results starting at 5000. We disallowed requests over a certain number of pages in the front end to fix it.
wunder

On Nov 1, 2011, at 12:57 PM, Erik Hatcher wrote:

> Be aware that even /select could have some harmful effects, see
> https://issues.apache.org/jira/browse/SOLR-2854 (addressed on trunk).
>
> Even disregarding that issue, /select is a potential gateway to any request
> handler defined via /select?qt=/req_handler
>
> Again, in general it's not a good idea to expose Solr to anything but a
> controlled app server.
>
> Erik
>
> On Nov 1, 2011, at 15:51 , Alireza Salimi wrote:
>
>> What if we just expose '/select' paths - by firewalls and load balancers -
>> and also use SSL and HTTP basic or digest access control?
>>
>> On Tue, Nov 1, 2011 at 2:20 PM, Chris Hostetter
>> <hossman_luc...@fucit.org> wrote:
>>
>>>
>>> : I was wondering if it's a good idea to expose Solr to the outside world,
>>> : so that our clients running on smart phones will be able to use Solr.
>>>
>>> As a general rule of thumb, i would say that it is not a good idea to
>>> expose solr directly to the public internet.
>>>
>>> there are exceptions to this rule -- AOL hosted some live solr instances
>>> of the Sarah Palin emails for HufPo -- but it is definitely an expert
>>> level type thing for people who are so familiar with solr they know
>>> exactly what to lock down to make it "safe"
>>>
>>> for typical users: put an application between your untrusted users and
>>> solr and only let that application generate "safe" well-formed requests to
>>> Solr...
>>>
>>> https://wiki.apache.org/solr/SolrSecurity
>>>
>>>
>>> -Hoss
>>>
>>
>>
>>
>> --
>> Alireza Salimi
>> Java EE Developer
>

--
Walter Underwood
Venture Asst. Scoutmaster
Troop 14, Palo Alto, CA
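
An added example, not code from this thread or from the Solr project: a sketch of the application-layer filter the thread recommends, which rebuilds the Solr query from an allowlist so that `qt` never reaches `/select` and deep paging is refused. The allowlist, the limits and all function names are assumptions chosen for illustration.

```python
from urllib.parse import parse_qsl, urlencode

# Assumed policy for this sketch; these are not Solr defaults.
ALLOWED_PARAMS = {"q", "start", "rows"}
MAX_START = 500   # deepest result offset the front end will serve
MAX_ROWS = 50     # largest page size the front end will serve


class RejectedRequest(ValueError):
    """The client query must not be forwarded to Solr."""


def _bounded_int(raw, default, upper, name):
    # Parse a paging parameter and refuse anything outside 0..upper.
    try:
        n = default if raw is None else int(raw)
    except ValueError:
        raise RejectedRequest(f"{name} is not an integer") from None
    if not 0 <= n <= upper:
        raise RejectedRequest(f"{name}={n} is outside 0..{upper}")
    return n


def build_solr_query(client_query_string):
    """Return the query string the app server sends to its fixed /select handler."""
    seen = {}
    for key, value in parse_qsl(client_query_string, keep_blank_values=True):
        if key not in ALLOWED_PARAMS:
            # Rejects qt (request-handler switching) and every other unlisted parameter.
            raise RejectedRequest(f"parameter {key!r} is not allowed")
        if key in seen:
            # A repeated parameter could be read differently by proxy and Solr.
            raise RejectedRequest(f"parameter {key!r} is repeated")
        seen[key] = value
    if not seen.get("q", "").strip():
        raise RejectedRequest("missing q")
    start = _bounded_int(seen.get("start"), 0, MAX_START, "start")
    rows = _bounded_int(seen.get("rows"), 10, MAX_ROWS, "rows")
    # Rebuild from parsed values so only normalized parameters are sent on.
    return urlencode([("q", seen["q"]), ("start", start), ("rows", rows)])
```

The application appends the returned string to a handler path it chooses itself, so the client never controls which request handler runs.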