Hi Walter, Probably you can check below repo and use it to sanitize the deep paging params.
https://github.com/cominvent/request-sanitizer-component#requestsanitizercomponent On Sat, 26 Jun, 2021, 2:09 am Walter Underwood, <wun...@wunderwood.org> wrote: > Thanks, that is exactly the info I wanted! I’ve commented there, even > though it is closed as Won’t Do. > > wunder > Walter Underwood > wun...@wunderwood.org > http://observer.wunderwood.org/ (my blog) > > > On Jun 25, 2021, at 12:46 PM, Mike Drob <md...@mdrob.com> wrote: > > > > This was discussed somewhat in > > https://issues.apache.org/jira/browse/SOLR-15252 with no > > implementation provided. > > > > On Fri, Jun 25, 2021 at 11:52 AM Walter Underwood <wun...@wunderwood.org> > wrote: > >> > >> I already said that we have a limit in the client code. I’m asking > about a limit in Solr. > >> > >> wunder > >> Walter Underwood > >> wun...@wunderwood.org > >> http://observer.wunderwood.org/ (my blog) > >> > >>> On Jun 25, 2021, at 11:50 AM, Håvard Wahl Kongsgård < > haavard.kongsga...@gmail.com> wrote: > >>> > >>> Just create a proxy client between the user and solr. Set if page >= > 500 …. > >>> else > >>> > >>> Simple stuff > >>> > >>> fre. 25. jun. 2021 kl. 19:20 skrev Walter Underwood < > wun...@wunderwood.org>: > >>> > >>>> Has anyone implemented protection against deep paging inside Solr? I’m > >>>> thinking about something like a max_rows parameter, where if > start+rows was > >>>> greater than that, it would limit the max result to that number. Or > maybe > >>>> just return a 400, that would be OK too. > >>>> > >>>> I’ve had three or four outages caused by deep paging over the past > dozen > >>>> years with Solr. We implement a limit in the client code, then someone > >>>> forgets to add it to the redesigned client code. A limit in the > request > >>>> handler would be so much easier. > >>>> > >>>> And yes, I know about cursor marks. We don’t want to enable deep > paging, > >>>> we want to stop it. > >>>> > >>>> wunder > >>>> Walter Underwood > >>>> wun...@wunderwood.org > >>>> http://observer.wunderwood.org/ (my blog) > >>>> > >>>> -- > >>> Håvard Wahl Kongsgård > >>> Data Scientist > >> > >
