I would put in a basic iptables statement to allow only your webserver to prevent
http://172.16.0.22:8983/solr/products/update?stream.body=%3Cdelete%3E%3Cquery%3E*:*%3C/query%3E%3C/delete%3E&commit=true On 25 December 2015 at 14:58, Eric Dain <ericdai...@gmail.com> wrote: > Thanks, that is very helpful. > > Have you tried denying access to some fields in the documents? > > On Fri, Dec 25, 2015 at 11:31 AM, Doug Turnbull < > dturnb...@opensourceconnections.com> wrote: > > > We do this all the time, whitelisting only the readonly search end points > > we want to support and disallowing excessively large paging. > > > > Here is a template for an nginx solr proxy. The read me describes more of > > our philosophy > > > > https://github.com/o19s/solr_nginx > > > > On Friday, December 25, 2015, Eric Dain <ericdai...@gmail.com> wrote: > > > > > Hi all, > > > > > > Does allowing javascript direct access to SolrCloud raise security > > concern? > > > should I build a REST service in between? > > > > > > I need to provide async search capability to web pages. the pages will > be > > > public with no authentication. > > > > > > Happy searching, > > > Eric > > > > > > > > > -- > > *Doug Turnbull **| *Search Relevance Consultant | OpenSource Connections > > <http://opensourceconnections.com>, LLC | 240.476.9983 > > Author: Relevant Search <http://manning.com/turnbull> > > This e-mail and all contents, including attachments, is considered to be > > Company Confidential unless explicitly stated otherwise, regardless > > of whether attachments are marked as such. > > >