Posted to users@solr.apache.org by David Ahia <Da...@dpss.lacounty.gov> on 2022/09/13 20:08:31 UTC

Configure Jetty custom error page under Solr

As a result of a security scan of Solr, I am being asked to block the display of error messages.  Is there a recommended guide for configuring Jetty with a custom error page to ensure error messages are not displayed through the web UI?

David Ahia,
Principal Application Developer


Re: Configure Jetty custom error page under Solr

Posted by Shawn Heisey <ap...@elyograg.org.INVALID>.
On 9/13/22 14:08, David Ahia wrote:
> As a result of a security scan of Solr, I am being asked to block the display of error messages.  Is there a recommended guide for configuring Jetty with a custom error page to ensure error messages are not displayed through the web UI?

If anything other than allowed applications and trusted admins is able 
to make a connection to your Solr install, then you've already lost the 
security battle.  The fact that Solr returns error messages shouldn't be 
an issue, because attackers should not be allowed to even make a network 
connection to Solr.

If somebody manages to compromise your front-end systems and get access 
to anything those have access to, then there are far more interesting 
and damaging systems at their disposal than your search engine.  Search 
engines normally do not contain super-sensitive information, but 
databases do.

Thanks,
Shawn