Re: is there a way to prevent abusing rows parameter
If you're going to validate the rows parameter, may as well validate the start parameter too.. I've run into problems with start and rows with ridiculously high values crash our servers. On Thu, Nov 22, 2012 at 9:58 AM, solr-user solr-u...@hotmail.com wrote: Thanks guys. This is a problem with the front end not validating requests. I was hoping there might be a simple config value I could enter/change, rather than going the long process of migrating a proper fix all the way up to our production servers. Looks like not, but thx. -- View this message in context: http://lucene.472066.n3.nabble.com/is-there-a-way-to-prevent-abusing-rows-parameter-tp4021467p4021892.html Sent from the Solr - User mailing list archive at Nabble.com.
Re: is there a way to prevent abusing rows parameter
Thanks guys. This is a problem with the front end not validating requests. I was hoping there might be a simple config value I could enter/change, rather than going the long process of migrating a proper fix all the way up to our production servers. Looks like not, but thx. -- View this message in context: http://lucene.472066.n3.nabble.com/is-there-a-way-to-prevent-abusing-rows-parameter-tp4021467p4021892.html Sent from the Solr - User mailing list archive at Nabble.com.
Re: is there a way to prevent abusing rows parameter
Does that 'someone' has direct access to Solr endpoint? Is that a right thing to do in a first place? But assuming they do (e.g. intranet), you could build on Jack's suggestion and create a couple of query-handler end-points that are only different in invariant raw count value. So, your default search goes to search10, your 25 results page goes to search25, etc. Regards, Alex. Personal blog: http://blog.outerthoughts.com/ LinkedIn: http://www.linkedin.com/in/alexandrerafalovitch - Time is the quality of nature that keeps events from happening all at once. Lately, it doesn't seem to be working. (Anonymous - via GTD book) On Tue, Nov 20, 2012 at 8:23 PM, solr-user solr-u...@hotmail.com wrote: silly question is there any configuration value I can set to prevent someone from entering a bad value for the rows parameter? ie to prevent something like rows=1 from crashing my servers? the server I am looking at is a solr v3.6 -- View this message in context: http://lucene.472066.n3.nabble.com/is-there-a-way-to-prevent-abusing-rows-parameter-tp4021467.html Sent from the Solr - User mailing list archive at Nabble.com.
is there a way to prevent abusing rows parameter
silly question is there any configuration value I can set to prevent someone from entering a bad value for the rows parameter? ie to prevent something like rows=1 from crashing my servers? the server I am looking at is a solr v3.6 -- View this message in context: http://lucene.472066.n3.nabble.com/is-there-a-way-to-prevent-abusing-rows-parameter-tp4021467.html Sent from the Solr - User mailing list archive at Nabble.com.
Re: is there a way to prevent abusing rows parameter
You could set an invariant parameter value, but that would mean they can't give an override. It might be a useful addition to Solr to have a maximum value (specified as an invariant). You could also simply add your own Solr search component that checked and maxed the rows. -- Jack Krupansky -Original Message- From: solr-user Sent: Tuesday, November 20, 2012 8:23 PM To: solr-user@lucene.apache.org Subject: is there a way to prevent abusing rows parameter silly question is there any configuration value I can set to prevent someone from entering a bad value for the rows parameter? ie to prevent something like rows=1 from crashing my servers? the server I am looking at is a solr v3.6 -- View this message in context: http://lucene.472066.n3.nabble.com/is-there-a-way-to-prevent-abusing-rows-parameter-tp4021467.html Sent from the Solr - User mailing list archive at Nabble.com.