Oooh, very nice. Thanks! wunder Walter Underwood wun...@wunderwood.org http://observer.wunderwood.org/ (my blog)
> On Jun 25, 2021, at 2:06 PM, Tulsi Das <tulsi.das1...@gmail.com> wrote: > > Hi Walter, > Probably you can check below repo and use it to sanitize the deep paging > params. > > https://github.com/cominvent/request-sanitizer-component#requestsanitizercomponent > > On Sat, 26 Jun, 2021, 2:09 am Walter Underwood, <wun...@wunderwood.org> > wrote: > >> Thanks, that is exactly the info I wanted! I’ve commented there, even >> though it is closed as Won’t Do. >> >> wunder >> Walter Underwood >> wun...@wunderwood.org >> http://observer.wunderwood.org/ (my blog) >> >>> On Jun 25, 2021, at 12:46 PM, Mike Drob <md...@mdrob.com> wrote: >>> >>> This was discussed somewhat in >>> https://issues.apache.org/jira/browse/SOLR-15252 with no >>> implementation provided. >>> >>> On Fri, Jun 25, 2021 at 11:52 AM Walter Underwood <wun...@wunderwood.org> >> wrote: >>>> >>>> I already said that we have a limit in the client code. I’m asking >> about a limit in Solr. >>>> >>>> wunder >>>> Walter Underwood >>>> wun...@wunderwood.org >>>> http://observer.wunderwood.org/ (my blog) >>>> >>>>> On Jun 25, 2021, at 11:50 AM, Håvard Wahl Kongsgård < >> haavard.kongsga...@gmail.com> wrote: >>>>> >>>>> Just create a proxy client between the user and solr. Set if page >= >> 500 …. >>>>> else >>>>> >>>>> Simple stuff >>>>> >>>>> fre. 25. jun. 2021 kl. 19:20 skrev Walter Underwood < >> wun...@wunderwood.org>: >>>>> >>>>>> Has anyone implemented protection against deep paging inside Solr? I’m >>>>>> thinking about something like a max_rows parameter, where if >> start+rows was >>>>>> greater than that, it would limit the max result to that number. Or >> maybe >>>>>> just return a 400, that would be OK too. >>>>>> >>>>>> I’ve had three or four outages caused by deep paging over the past >> dozen >>>>>> years with Solr. We implement a limit in the client code, then someone >>>>>> forgets to add it to the redesigned client code. A limit in the >> request >>>>>> handler would be so much easier. >>>>>> >>>>>> And yes, I know about cursor marks. We don’t want to enable deep >> paging, >>>>>> we want to stop it. >>>>>> >>>>>> wunder >>>>>> Walter Underwood >>>>>> wun...@wunderwood.org >>>>>> http://observer.wunderwood.org/ (my blog) >>>>>> >>>>>> -- >>>>> Håvard Wahl Kongsgård >>>>> Data Scientist >>>> >> >>
