bruno-roustant commented on a change in pull request #47:
URL: https://github.com/apache/solr/pull/47#discussion_r602355865
##########
File path: solr/solr-ref-guide/src/distributed-requests.adoc
##########
@@ -115,17 +115,19 @@ If specified, the thread pool will use a backing queue
instead of a direct hando
`fairnessPolicy`::
Chooses the JVM specifics dealing with fair policy queuing, if enabled
distributed searches will be handled in a First in First out fashion at a cost
to throughput. If disabled throughput will be favored over latency. The default
is `false`.
-`shardsWhitelist`::
+In addition, `HttpShardHandlerFactory` also depends on the following top-level
property:
+
+`allowUrls`::
If specified, this lists limits what nodes can be requested in the `shards`
request parameter.
+
-In SolrCloud mode this whitelist is automatically configured to include all
live nodes in the cluster.
+In SolrCloud mode this allow-list is automatically configured to include all
live nodes in the cluster.
+
-In standalone mode the whitelist defaults to empty (sharding not allowed).
+In standalone mode the allow-list defaults to empty (sharding not allowed).
+
-If you need to disable this feature for backwards compatibility, you can set
the system property `solr.disable.shardsWhitelist=true`. The value of this
parameter is a comma separated list of the nodes that will be whitelisted, i.e.,
+If you need to disable this feature for backwards compatibility, you can set
the system property `solr.disable.allowUrls=true`. The value of this parameter
is a comma separated list of the nodes that will be allowed, i.e.,
`10.0.0.1:8983/solr,10.0.0.1:8984/solr`.
+
-NOTE: In SolrCloud mode, if at least one node is included in the whitelist,
then the `live_nodes` will no longer be used as source for the list. This means
that if you need to do a cross-cluster request using the `shards` parameter in
SolrCloud mode (in addition to regular within-cluster requests), you'll need to
add all nodes (local cluster + remote nodes) to the whitelist.
+NOTE: In SolrCloud mode, if at least one node is included in the allow-list,
then the `live_nodes` will no longer be used as source for the list. This means
that if you need to do a cross-cluster request using the `shards` parameter in
SolrCloud mode (in addition to regular within-cluster requests), you'll need to
add all nodes (local cluster + remote nodes) to the allow-list.
Review comment:
Yes, I don't understand neither. Is this a security matter? Indeed I
prefer to handle that separately but that would be nice to open the discussion.
Technically it is really easy to have the union of the allow-list and the live
nodes.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
