Do not directly expose Solr to WWW traffic. It isn't designed for that.

For example, the admin pages have no access controls.

I can change my request parameters to request a million rows and put a huge 
load on your server. A few of those, and you are off the air.

I can fetch your config, then send a command to DIH to do a full import.

And so on.

wunder

On May 6, 2012, at 5:50 PM, Marcelo Carvalho Fernandes wrote:

> Hi Jan,
> 
> I would answer András exactly the opposite :-) I would like to understand
> and ask you something.
> 
> Would you see any problem if he had an Apache Httpd configured as reverse
> proxy (no PHP in it) in front of Solr just to restrict user access to only
> the Solritas's URL? This way Solr would not be directly exposed and he
> would not need to develop a PHP site/application.
> 
> Maybe a Varnish layer would be even better as he has 1.000.000+ pageviews a
> day. Again, no PHP in this scenario.
> 
> What's your opinion about both solutions?
> 
> Thanks in advance,
> 
> ----
> Marcelo Carvalho Fernandes
> +55 21 8272-7970
> +55 21 2205-2786
> 
> 
> On Sun, May 6, 2012 at 7:42 PM, Jan Høydahl <jan....@cominvent.com> wrote:
> 
>> Hi,
>> 
>> Solritas (Velocity Response Writer) is NOT intended for production use.
>> The simple reason, apart from that it is not production grade quality, is
>> that it requires direct access to the Solr instance, as it is simply a
>> response writer. You MUST use a separate front end layer above Solr and
>> never expose Solr directly to the world. So you should feel totally
>> comfortable continuing to use Solr over HTTP from PHP!
>> 
>> --
>> Jan Høydahl, search solution architect
>> Cominvent AS - www.cominvent.com
>> Solr Training - www.solrtraining.com
>> 
>> On 6. mai 2012, at 14:02, András Bártházi wrote:
>> 
>>> Hi,
>>> 
>>> We're currently evaluating Solr as a Sphinx replacement. Our site has
>>> 1.000.000+ pageviews a day, it's a real estate search engine. The
>>> development is almost done, and it seems to be working fine, however some
>>> of my colleagues come with the idea that we're using it wrong. We're using
>>> it as a service from PHP/Symfony.
>>> 
>>> They think we should use Solritas as a frontend, so site visitors will
>>> directly use it, so no PHP will be involved, so it will use much less
>>> infrastructure. One of them said that even mobile.de is using it that way (I
>>> have found no clue about it at all).
>>> 
>>> Do you think it is a good idea?
>>> 
>>> Do you know services using Solritas as a frontend on a public site?
>>> 
>>> My personal opinion is that using Solritas in production is a very bad idea
>>> for us, but I do not have much experience with Solr yet, and the Solritas
>>> documentation is far from detailed and up to date, so I don't really know
>>> what it is really usable for.
>>> 
>>> Thanks,
>>> Andras
>> 
>> 

--
Walter Underwood
wun...@wunderwood.org
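
Added example, not part of the original thread or of Solr itself: a sketch of the parameter handling a front-end layer can do before calling Solr, so that the row count is capped and the handler path is fixed. The internal URL, the limits and the sort fields are assumptions chosen for illustration.

```python
from urllib.parse import urlencode

# Assumed values for this sketch; adjust to the application.
SOLR_SELECT_URL = "http://127.0.0.1:8983/solr/select"  # internal-only address
MAX_ROWS = 50
MAX_START = 1000
MAX_QUERY_LEN = 200
ALLOWED_SORTS = {"price asc", "price desc", "score desc"}  # hypothetical fields


def _bounded_int(value, default, low, high):
    """Parse an integer from user input and clamp it to [low, high]."""
    try:
        number = int(value)
    except (TypeError, ValueError):
        return default
    return max(low, min(high, number))


def build_solr_params(user_params):
    """Return the only parameters the front end will send to Solr.

    The caller's parameters are never copied through, so handler
    selection, import commands and output format cannot be set by the
    visitor. The query text is length-limited only; its syntax is not
    otherwise restricted in this sketch.
    """
    query = str(user_params.get("q", "")).strip()[:MAX_QUERY_LEN]
    params = {
        "q": query or "*:*",
        "rows": _bounded_int(user_params.get("rows"), 10, 1, MAX_ROWS),
        "start": _bounded_int(user_params.get("start"), 0, 0, MAX_START),
        "wt": "json",
    }
    sort = user_params.get("sort")
    if isinstance(sort, str) and sort in ALLOWED_SORTS:
        params["sort"] = sort
    return params


def build_solr_url(user_params):
    """Fixed handler path plus rebuilt parameters; the path is never user input."""
    return SOLR_SELECT_URL + "?" + urlencode(build_solr_params(user_params))
```

Because only the select handler URL is ever built, the admin pages, the config files and the DIH handler stay reachable from the front-end host alone, which is where network-level restrictions on the Solr port belong.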


