-
Notifications
You must be signed in to change notification settings - Fork 2
/
solr-proxy-openresty.conf
74 lines (57 loc) · 1.75 KB
/
solr-proxy-openresty.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
server {
listen 80;
# Replace this with your Solr host:
server_name localhost;
# App
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
# Create a location block for each handler you'd like to whitelist
location /solr/discovery/select {
# Only allow GET or POST requests
limit_except GET POST {
deny all;
}
# WARNING, UNFINISHED ATTEMPT TO USE OpenResty FEATURES TO FILTER POST REQUESTS
rewrite_by_lua_block {
if ngx.req.get_method() == "POST" then
ngx.req.read_body()
local args, err = ngx.req.get_post_args()
if err == "truncated" then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
if not args then
ngx.say("failed to get post args: ", err)
ngx.exit(ngx.HTTP_FORBIDDEN)
end
if args.rows and string.len(args.rows) > 3 then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
for k,v in pairs(args) do
if string.match(k, "stream") then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
end
end
}
# Limits on rows/start (by number of chars) to prevent deep paging craziness
if ($arg_start ~ ....+) {
return 403;
}
if ($arg_rows ~ ....+) {
return 403;
}
#Explicitly list args to disallow
if ($arg_qt != "") {
return 403;
}
# Disallow specific params that begin with a pattern, ie stream.file stream.body etc
if ($args ~ [\&\?]stream.*?=(.*)) {
return 403;
}
proxy_pass http://solr:8983;
# Other settings:
add_header Access-Control-Allow-Origin *;
}
}