lucene-solr-user mailing list archives

From GW <thegeofo...@gmail.com>
Subject Re: AJAX access to Solr Server
Date Fri, 25 Dec 2015 22:52:43 GMT
I would put in a basic iptables statement to allow only your webserver to prevent:

http://172.16.0.22:8983/solr/products/update?stream.body=%3Cdelete%3E%3Cquery%3E*:*%3C/query%3E%3C/delete%3E&commit=true

On 25 December 2015 at 14:58, Eric Dain <ericdain95@gmail.com> wrote:

> Thanks, that is very helpful.
>
> Have you tried denying access to some fields in the documents?
>
> On Fri, Dec 25, 2015 at 11:31 AM, Doug Turnbull <dturnbull@opensourceconnections.com> wrote:
>
> > We do this all the time, whitelisting only the read-only search endpoints
> > we want to support and disallowing excessively large paging.
> >
> > Here is a template for an nginx solr proxy. The README describes more of
> > our philosophy.
> >
> > https://github.com/o19s/solr_nginx
> >
> > On Friday, December 25, 2015, Eric Dain <ericdain95@gmail.com> wrote:
> >
> > > Hi all,
> > >
> > > Does allowing JavaScript direct access to SolrCloud raise security concerns?
> > > Should I build a REST service in between?
> > >
> > > I need to provide async search capability to web pages. The pages will be
> > > public with no authentication.
> > >
> > > Happy searching,
> > > Eric
> > >
> >
> >
> > --
> > *Doug Turnbull **| *Search Relevance Consultant | OpenSource Connections
> > <http://opensourceconnections.com>, LLC | 240.476.9983
> > Author: Relevant Search <http://manning.com/turnbull>
> > This e-mail and all contents, including attachments, is considered to be
> > Company Confidential unless explicitly stated otherwise, regardless
> > of whether attachments are marked as such.
> >
>
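
An added example (not part of the thread and not the o19s template): a sketch of the allow-list check a proxy or REST layer between the browser and Solr could apply, covering the read-only endpoint whitelist and paging cap Doug describes and the field restriction Eric asks about. The core name `products` comes from the URL in the message; the parameter list, field names and limits are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# All values below are assumptions for this sketch, not taken from the thread.
ALLOWED_PATHS = {"/solr/products/select"}          # read-only search handler only
ALLOWED_PARAMS = {"q", "fq", "sort", "start", "rows", "fl", "wt"}
ALLOWED_FIELDS = {"id", "name", "price"}           # constructed field names
MAX_ROWS, MAX_START = 100, 1000                    # paging caps


def _bounded_int(values, upper):
    """True if the parameter appears once and is an ASCII integer in [0, upper]."""
    if len(values) != 1:
        return False                               # repeated parameter: refuse
    v = values[0]
    return v.isascii() and v.isdigit() and int(v) <= upper


def check_solr_request(url):
    """Return (allowed, reason) for a URL the browser asks the proxy to forward."""
    parts = urlsplit(url)
    if parts.path not in ALLOWED_PATHS:            # exact match, no normalisation
        return False, "path not allow-listed"
    params = parse_qs(parts.query, keep_blank_values=True)
    unknown = set(params) - ALLOWED_PARAMS
    if unknown:
        return False, "parameter not allow-listed: " + ", ".join(sorted(unknown))
    if "rows" in params and not _bounded_int(params["rows"], MAX_ROWS):
        return False, "rows out of range"
    if "start" in params and not _bounded_int(params["start"], MAX_START):
        return False, "start out of range"
    for fl in params.get("fl", []):
        requested = {f.strip() for f in fl.split(",")}
        if not requested <= ALLOWED_FIELDS:        # also rejects "*" and functions
            return False, "field not allow-listed"
    return True, "ok"


if __name__ == "__main__":
    samples = [  # first URL is the one quoted in the message; the rest are constructed
        "http://172.16.0.22:8983/solr/products/update?stream.body=%3Cdelete%3E%3Cquery%3E*:*%3C/query%3E%3C/delete%3E&commit=true",
        "http://172.16.0.22:8983/solr/products/select?q=shoes&rows=20&fl=id,name",
        "http://172.16.0.22:8983/solr/products/select?q=shoes&rows=1000000",
        "http://172.16.0.22:8983/solr/products/select?q=*:*&stream.body=x",
    ]
    for s in samples:
        print(check_solr_request(s), s)
```

In a real proxy, forward a query string rebuilt from the validated parameters rather than the raw one, so the proxy and Solr cannot disagree on how it is parsed.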
