lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Leir <rl...@leirtech.com>
Subject Re: Fwd: solr-security-proxy
Date Fri, 01 Dec 2017 16:52:44 GMT
The default blacklist is qt and stream, because there are examples of nasty things which can
be done using those parms. But it seems much wiser to whitelist just the parms your web app
needs to use. Am I missing something? Is there a simpler way to protect a Solr installation
which just serves a few AJAX GETs? Cheers -- Rick

On November 30, 2017 3:10:14 PM EST, Rick Leir <rleir@leirtech.com> wrote:
>Hi all
>I have just been looking at solr-security-proxy, which seems to be a
>great little app to put in front of Solr (link below). But would it
>make more sense to use a whitelist of Solr parameters instead of a
>blacklist?
>Thanks
>Rick
>
>https://github.com/dergachev/solr-security-proxy
>
>solr-security-proxy
>Node.js based reverse proxy to make a solr instance read-only,
>rejecting requests that have the potential to modify the solr index.
>--invalidParams   Block these query params (comma separated)  [default:
>"qt,stream"]
>
>
>-- 
>Sorry for being brief. Alternate email is rickleir at yahoo dot com

-- 
Sorry for being brief. Alternate email is rickleir at yahoo dot com 
Mime
  • Unnamed multipart/alternative (inline, 7-Bit, 0 bytes)
View raw message