TCP-level attacks like SYN-flooding. All kinds of HTTP breakage that Apache has fixed over the years. You really want a bombproof TCP and HTTP implementation.
Very, very slow clients that keep a socket open for a long time while the bits drool out to them. We saw problems with all service threads being busy, and implemented a deadman timer to reboot if no threads were in listen state for two minutes. We put in IP address checks for access to admin pages. You can do a similar thing with Apache by only making the search pages available and requiring admins to go directly to Solr on a different port. That port can be blocked by a firewall. Finally, you get the years of experience and documentation in configuring Apache for use exposed on the Internet. wunder On 11/17/08 7:28 AM, "Erik Hatcher" <[EMAIL PROTECTED]> wrote: > > On Nov 17, 2008, at 10:22 AM, Walter Underwood wrote: >> It is possible to make it safe, but a lot of work. We did this for >> Ultraseek. I would always, always front it with Apache, to get some >> of Apache's protection. > > What protections specifically are you speaking of with Apache in > front? Authentication? Row limiting? > > Erik >
