On 9/13/22 14:08, David Ahia wrote:
As a result of a security scan of Solr, I am being asked to block the display of error messages. Is there a recommended guide for configuring Jetty with a custom error page to ensure error messages are not displayed through the web UI?
If anything other than allowed applications and trusted admins is able to make a connection to your Solr install, then you've already lost the security battle. The fact that Solr returns error messages shouldn't be an issue, because attackers should not be allowed to even make a network connection to Solr.
If somebody manages to compromise your front-end systems and get access to anything those have access to, then there are far more interesting and damaging systems at their disposal than your search engine. Search engines normally do not contain super-sensitive information, but databases do.
Thanks, Shawn
