lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexandre Rafalovitch <>
Subject Re: Any option to NOT return stack trace in Solr response?
Date Fri, 22 Jul 2016 01:53:36 GMT
I don't think there is a flag.

But the bigger question is whether you are exposing Solr directly to
the client? You should not be. You should have a middleware client
that talks to Solr and then generates web UI or whatever.

If you give untrusted access to Solr, there are too many things that
can be done, starting from deleting the whole index.

It might be possible to have a smart proxy and expose Solr with
heavily filtered valid URLs, then you would need to scrub response.

That's all I can think of without hacking and reregistering with your
own response handler (probably not that hard).

Newsletter and resources for Solr beginners and intermediates:

On 22 July 2016 at 03:35, Koorosh Vakhshoori
<> wrote:
> Hi all,
>   Got a Solr 5.2.1 installation. I am getting following error response when calling the
TERMS component. Now the error is not the point, I know what is going on in this instance.
However, to address security concerns, I am trying to have Solr truncate the stack trace in
the response. Of course I would still want Solr to log the error in its log file. What I was
wondering, if there is a flag or option I can set in solrconfig.xml globally or under TERMS
to omit the trace or just return ' java.lang.NullPointerException'? I have looked at the source
code and don't see anything relevant. However, I may have missed something. Appreciated any
suggestion and pointers.
> <response>
> <lst name="responseHeader">
> <int name="status">500</int>
> <int name="QTime">5</int>
> </lst>
> <lst name="error">
> <str name="trace">
> java.lang.NullPointerException at org.apache.solr.handler.component.SearchHandler.handleRequestBody(
at org.apache.solr.handler.RequestHandlerBase.handleRequest( at
org.apache.solr.core.SolrCore.execute( at org.apache.solr.servlet.HttpSolrCall.execute(
at at org.apache.solr.servlet.SolrDispatchFilter.doFilter(
at org.apache.solr.servlet.SolrDispatchFilter.doFilter( at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
at org.apache.catalina.core.ApplicationFilterChain.doFilter(
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
at org.apache.catalina.core.ApplicationFilterChain.doFilter(
at org.apache.catalina.filters.CorsFilter.handleNonCORS( at org.apache.catalina.filters.CorsFilter.doFilter(
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
at org.apache.catalina.core.ApplicationFilterChain.doFilter(
at org.apache.catalina.core.StandardWrapperValve.invoke( at
org.apache.catalina.core.StandardContextValve.invoke( at org.apache.catalina.core.StandardHostValve.invoke(
at org.apache.catalina.valves.ErrorReportValve.invoke( at org.apache.catalina.valves.AbstractAccessLogValve.invoke(
at org.apache.catalina.core.StandardEngineValve.invoke( at org.apache.catalina.connector.CoyoteAdapter.service(
at org.apache.coyote.http11.AbstractHttp11Processor.process(
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(
at$SocketProcessor.doRun( at$ at java.util.concurrent.ThreadPoolExecutor.runWorker(
at java.util.concurrent.ThreadPoolExecutor$ at org.apache.tomcat.util.threads.TaskThread$
> </str>
> <int name="code">500</int>
> </lst>
> </response>
> Regards,
> Koorosh

View raw message