Re: Fwd: solr-security-proxy

2017-12-01 Thread Rick Leir
The default blacklist is qt and stream, because there are examples of nasty 
things which can be done using those parms. But it seems much wiser to 
whitelist just the parms your web app needs to use. Am I missing something? Is 
there a simpler way to protect a Solr installation which just serves a few AJAX 
GETs?
Cheers -- Rick

On November 30, 2017 3:10:14 PM EST, Rick Leir wrote:
>Hi all
>I have just been looking at solr-security-proxy, which seems to be a
>great little app to put in front of Solr (link below). But would it
>make more sense to use a whitelist of Solr parameters instead of a
>blacklist?
>Thanks
>Rick
>
>https://github.com/dergachev/solr-security-proxy
>
>solr-security-proxy
>Node.js based reverse proxy to make a solr instance read-only,
>rejecting requests that have the potential to modify the solr index.
>--invalidParams   Block these query params (comma separated)  [default:
>"qt,stream"]
>
>
>-- 
>Sorry for being brief. Alternate email is rickleir at yahoo dot com

-- 
Sorry for being brief. Alternate email is rickleir at yahoo dot com 
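
Added example, not part of the original messages and not code from solr-security-proxy: a side-by-side of the two filtering policies discussed above, run over constructed query strings. The allowlist entries, value limits, function names and the parameter `notYetKnown` are assumptions chosen for illustration; only the `qt,stream` default comes from the thread.

```javascript
'use strict';
// Denylist from the thread (the proxy's documented default).
const DENYLIST = new Set(['qt', 'stream']);
// Hypothetical allowlist for a web app that only issues simple AJAX GET searches.
// Each permitted name carries a validator for its value.
const ALLOWLIST = new Map([
  ['q',     v => v.length > 0 && v.length <= 256],
  ['fq',    v => v.length <= 256],
  ['start', v => /^\d{1,5}$/.test(v)],
  ['rows',  v => /^\d{1,3}$/.test(v) && Number(v) <= 100],
  ['wt',    v => v === 'json'],
]);
const MULTI_VALUED = new Set(['fq']); // names that may legitimately repeat

// Denylist policy: reject listed names, pass everything else.
function denylistCheck(query) {
  for (const name of new URLSearchParams(query).keys()) {
    if (DENYLIST.has(name)) return { ok: false, reason: `blocked param: ${name}` };
  }
  return { ok: true, reason: 'no blocked param' };
}

// Allowlist policy: reject unknown names, unexpected repeats and bad values.
function allowlistCheck(query) {
  const seen = new Set();
  for (const [name, value] of new URLSearchParams(query)) {
    const validate = ALLOWLIST.get(name);
    if (!validate) return { ok: false, reason: `unknown param: ${name}` };
    if (seen.has(name) && !MULTI_VALUED.has(name)) {
      return { ok: false, reason: `repeated param: ${name}` };
    }
    if (!validate(value)) return { ok: false, reason: `bad value for: ${name}` };
    seen.add(name);
  }
  return { ok: true, reason: 'all params allowed' };
}

// Constructed sample query strings, not captured traffic.
const SAMPLES = [
  'q=title%3Asolr&rows=10&wt=json', // ordinary search
  'q=*%3A*&qt=anything',            // name on the default denylist
  'q=*%3A*&notYetKnown=1',          // name neither list anticipated
  'q=*%3A*&rows=100000',            // permitted name, oversized value
];

function compare() {
  return SAMPLES.map(query => ({
    query, deny: denylistCheck(query).ok, allow: allowlistCheck(query).ok,
  }));
}
console.table(compare());
```

The third and fourth samples pass the denylist and fail the allowlist, which is the gap the question is about: a denylist only stops names someone thought to list.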

Fwd: solr-security-proxy

2017-11-30 Thread Rick Leir
Hi all
I have just been looking at solr-security-proxy, which seems to be a great 
little app to put in front of Solr (link below). But would it make more sense 
to use a whitelist of Solr parameters instead of a blacklist?
Thanks
Rick

https://github.com/dergachev/solr-security-proxy

solr-security-proxy
Node.js based reverse proxy to make a solr instance read-only, rejecting 
requests that have the potential to modify the solr index.
--invalidParams   Block these query params (comma separated)  [default: 
"qt,stream"]


-- 
Sorry for being brief. Alternate email is rickleir at yahoo dot com