solr-proxy-openresty.conf

server {
	listen 80;
	
	
	# Replace this with your Solr host:
	server_name localhost;

	# App
        location / {
        	root   /usr/share/nginx/html;
      		index  index.html index.htm;
	}
	
	# Create a location block for each handler you'd like to whitelist
	location /solr/discovery/select {
	
		# Only allow GET or POST requests
	        limit_except GET POST {
        	        deny all;
	        }

# WARNING, UNFINISHED ATTEMPT TO USE OpenResty FEATURES TO FILTER POST REQUESTS

     rewrite_by_lua_block {
       if ngx.req.get_method() == "POST" then
         ngx.req.read_body()
         local args, err = ngx.req.get_post_args()

         if err == "truncated" then
             ngx.exit(ngx.HTTP_FORBIDDEN)
         end

         if not args then
             ngx.say("failed to get post args: ", err)
             ngx.exit(ngx.HTTP_FORBIDDEN)
         end

         if args.rows and string.len(args.rows) > 3 then
             ngx.exit(ngx.HTTP_FORBIDDEN)
         end

         for k,v in pairs(args) do
           if string.match(k, "stream") then
             ngx.exit(ngx.HTTP_FORBIDDEN)
           end
         end
       end
     }
	        
                # Limits on rows/start (by number of chars) to prevent deep paging craziness
                if ($arg_start ~ ....+) {
                        return 403;
                }
                if ($arg_rows ~ ....+) {
                        return 403;
                }

	
		#Explicitly list args to disallow
		if ($arg_qt != "") {
			return 403;
		}
		
		# Disallow specific params that begin with a pattern, ie stream.file stream.body etc
		if ($args ~ [\&\?]stream.*?=(.*)) {
			return 403;
		}
		proxy_pass http://solr:8983;
		
		# Other settings:
               add_header Access-Control-Allow-Origin *;
	}
	
}