This kind of thing is not limited to Solr and you normally wouldn't solve it in software - it's more a network concern. I'd be looking at a web server solution such as Apache mod_evasive combined with a good firewall for more conventional DOS attacks. Just hide your Solr install behind the firewall and communicate with it locally from your web application or whatever.
Rate limiting sounds like something Solr should or could provide but I don't know the answer to that. Cheers On Sep 29, 2010, at 2:52 PM, Ian Upright wrote: > Hi, I'm curious as to what approaches one would take to defend against users > attacking a Solr service, especially if exposed to the internet as opposed > to an intranet. I'm fairly new to Solr, is there anything built in? > > Is there anything in place to prevent the search engine from getting > overwhelmed by a particular user or group of users, submitting loads of > time-consuming queries as some form of a DoS attack? > > Additionally, is there a way of rate-limiting it so that only a certain > number of queries per user/per hour can be submitted, etc? (for example, to > prevent programmatic access to the search engine as opposed to a human user) > > Thanks, Ian
