Re: Solr rate limiting / DoS attacks
I am using HAProxy for load balancing on my Solr installation, for redundancy. Very recently, request throttling (and by extension, DoS mitigation) was added to the development branch (1.5) of HAProxy. You could probably use that, even if you don't need actual load balancing.

http://haproxy.1wt.eu/

This is obviously not the only solution, but it came readily to mind.

Shawn

On 9/29/2010 12:52 PM, Ian Upright wrote:
> Hi, I'm curious as to what approaches one would take to defend against users attacking a Solr service, especially if exposed to the internet as opposed to an intranet. I'm fairly new to Solr, is there anything built in?
>
> Is there anything in place to prevent the search engine from getting overwhelmed by a particular user or group of users, submitting loads of time-consuming queries as some form of a DoS attack?
>
> Additionally, is there a way of rate-limiting it so that only a certain number of queries per user/per hour can be submitted, etc? (for example, to prevent programmatic access to the search engine as opposed to a human user)
>
> Thanks, Ian

Re: Solr rate limiting / DoS attacks
This kind of thing is not limited to Solr and you normally wouldn't solve it in software - it's more a network concern. I'd be looking at a web server solution such as Apache mod_evasive combined with a good firewall for more conventional DOS attacks. Just hide your Solr install behind the firewall and communicate with it locally from your web application or whatever.

Rate limiting sounds like something Solr should or could provide but I don't know the answer to that.

Cheers

On Sep 29, 2010, at 2:52 PM, Ian Upright wrote:
> Hi, I'm curious as to what approaches one would take to defend against users
> attacking a Solr service, especially if exposed to the internet as opposed
> to an intranet. I'm fairly new to Solr, is there anything built in?
>
> Is there anything in place to prevent the search engine from getting
> overwhelmed by a particular user or group of users, submitting loads of
> time-consuming queries as some form of a DoS attack?
>
> Additionally, is there a way of rate-limiting it so that only a certain
> number of queries per user/per hour can be submitted, etc? (for example, to
> prevent programmatic access to the search engine as opposed to a human user)
>
> Thanks, Ian

Solr rate limiting / DoS attacks
Hi, I'm curious as to what approaches one would take to defend against users attacking a Solr service, especially if exposed to the internet as opposed to an intranet. I'm fairly new to Solr, is there anything built in?

Is there anything in place to prevent the search engine from getting overwhelmed by a particular user or group of users, submitting loads of time-consuming queries as some form of a DoS attack?

Additionally, is there a way of rate-limiting it so that only a certain number of queries per user/per hour can be submitted, etc? (for example, to prevent programmatic access to the search engine as opposed to a human user)

Thanks, Ian