You are viewing a plain text version of this content. The canonical link for it is here.

Posted to solr-user@lucene.apache.org by Rick Leir <rl...@leirtech.com> on 2017/12/01 16:52:44 UTC

Re: Fwd: solr-security-proxy

The default blacklist is qt and stream, because there are examples of nasty things which can be done using those parms. But it seems much wiser to whitelist just the parms your web app needs to use. Am I missing something? Is there a simpler way to protect a Solr installation which just serves a few AJAX GETs? Cheers -- Rick

On November 30, 2017 3:10:14 PM EST, Rick Leir <rl...@leirtech.com> wrote:
>Hi all
>I have just been looking at solr-security-proxy, which seems to be a
>great little app to put in front of Solr (link below). But would it
>make more sense to use a whitelist of Solr parameters instead of a
>blacklist?
>Thanks
>Rick
>
>https://github.com/dergachev/solr-security-proxy
>
>solr-security-proxy
>Node.js based reverse proxy to make a solr instance read-only,
>rejecting requests that have the potential to modify the solr index.
>--invalidParams   Block these query params (comma separated)  [default:
>"qt,stream"]
>
>
>-- 
>Sorry for being brief. Alternate email is rickleir at yahoo dot com

-- 
Sorry for being brief. Alternate email is rickleir at yahoo dot com