I don't think this is the point and I agree that Solr should not be accessible from the outside world but only from a restricted number of clients.
So in my opinion, the OP was trying to explain that, for example, if you make an HTTP call to Solr through a reverse proxy (or a chain of them) with the path /, the answer is a 302 with the IP address of the original server.

On Thu, Apr 7, 2022 at 11:45 PM dmitri maziuk <[email protected]> wrote:

> On 2022-04-07 9:56 AM, Anchal Sharma2 wrote:
> > Hi All,
> >
> > It took me a while to get the following information about the detected
> > vulnerability from the security team.
> ...
>
> Maybe you should educate them about a vulnerability in the `ping`
> command: if they ping your Solr server by its name, it'll tell them the
> server's IP address.
>
> Dima

--
Vincenzo D'Amore
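A check for the behavior discussed in this thread, as an added example that is not part of the original messages: it inspects a redirect response received through the proxy and reports when the `Location` header names a literal IP address instead of the public hostname. The hostname `search.example.com`, the address `10.0.0.12` and the sample responses are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample responses, as a client would see them through the proxy.
LEAKY = ("HTTP/1.1 302 Found\r\n"
         "Location: http://10.0.0.12:8983/solr/\r\n"
         "Content-Length: 0\r\n\r\n")
REWRITTEN = ("HTTP/1.1 302 Found\r\n"
             "Location: https://search.example.com/solr/\r\n"
             "Content-Length: 0\r\n\r\n")
RELATIVE = ("HTTP/1.1 302 Found\r\n"
            "Location: /solr/\r\n"
            "Content-Length: 0\r\n\r\n")


def parse_response(raw):
    """Return (status_code, headers) from a raw HTTP/1.x response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def leaked_backend_address(public_host, raw):
    """Return the IP literal exposed in a redirect's Location, else None."""
    status, headers = parse_response(raw)
    if status not in (301, 302, 303, 307, 308):
        return None
    host = urlsplit(headers.get("location", "")).hostname
    # hostname is None for relative redirects, which expose nothing.
    if host is None or host.lower() == public_host.lower():
        return None
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        return None  # a different hostname, not an address


if __name__ == "__main__":
    for name, raw in (("leaky", LEAKY), ("rewritten", REWRITTEN),
                      ("relative", RELATIVE)):
        print(name, leaked_backend_address("search.example.com", raw))
```
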
