You are viewing a plain text version of this content. The canonical link for it is here.
Posted to solr-user@lucene.apache.org by David Smiley <ds...@apache.org> on 2020/09/04 04:12:57 UTC
Re: What is the Best way to block certain types of queries/ query
patterns in Solr?
The general assumption in deploying a search platform is that you are going
to front it with a service you write that has the search features you care
about, and only those. Only this service or other administrative functions
should reach Solr. Be wary of making your service so flexible to support
arbitrary parameters you pass to Solr as-is that you don't know about in
advance (i.e. use an allow-list).
~ David Smiley
Apache Lucene/Solr Search Developer
http://www.linkedin.com/in/davidwsmiley
On Mon, Aug 31, 2020 at 10:57 AM Mark Robinson <ma...@gmail.com>
wrote:
> Hi,
> I had come across a mail (Oct, 2019 one) which suggested the best way is to
> handle it before it reaches Solr. I was curious whether:-
> 1. Jetty query filter can be used (came across something like
> that,, need to check)
> 2. Any new features in Solr itself (like in a request handler...or
> solrconfig, schema etc..)
>
> Thanks!
> Mark
>
Re: What is the Best way to block certain types of queries/ query
patterns in Solr?
Posted by Mark Robinson <ma...@gmail.com>.
Makes sense.
Thanks much David!
Mark
On Fri, Sep 4, 2020 at 12:13 AM David Smiley <ds...@apache.org> wrote:
> The general assumption in deploying a search platform is that you are going
> to front it with a service you write that has the search features you care
> about, and only those. Only this service or other administrative functions
> should reach Solr. Be wary of making your service so flexible to support
> arbitrary parameters you pass to Solr as-is that you don't know about in
> advance (i.e. use an allow-list).
>
> ~ David Smiley
> Apache Lucene/Solr Search Developer
> http://www.linkedin.com/in/davidwsmiley
>
>
> On Mon, Aug 31, 2020 at 10:57 AM Mark Robinson <ma...@gmail.com>
> wrote:
>
> > Hi,
> > I had come across a mail (Oct, 2019 one) which suggested the best way is
> to
> > handle it before it reaches Solr. I was curious whether:-
> > 1. Jetty query filter can be used (came across something like
> > that,, need to check)
> > 2. Any new features in Solr itself (like in a request handler...or
> > solrconfig, schema etc..)
> >
> > Thanks!
> > Mark
> >
>