solr-proxy
Reverse proxy to make a Solr instance read-only, rejecting requests that have the potential to modify the Solr index.
This is a rewrite of solr-security-proxy with some bug fixes and additional features.
Installation
For use from the command line:
npm install -g solr-proxy
For use in another application:
npm install solr-proxy
Usage
From the command-line:
solr-proxy
Options are:
Options:
--port Listen on this port [default: 8008]
--upstream Solr backend [default: "http://localhost:8983"]
--validPaths Allowed paths (comma [default: "/solr/select"]
delimited)
--invalidParams Blocked parameters (comma [default: "qt,stream"]
delimited)
--validMethods Allowed HTTP methods (comma [default: "GET"]
delimited)
--maxRows Maximum rows permitted in a [default: 200]
request
--maxStart Maximum start offset [default: 1000]
permitted in a request
--quiet, -q Do not write messages to STDOUT
--version, -v Show version
--help, -h Show this message
To start the server from your application:
import SolrProxy from 'solr-proxy'
await SolrProxy.start()
You can pass a port number as the first argument to start()
. You may pass a
falsy value (such as null
or undefined
) if you wish to use the port number
specified specified in the listenPort
property in the options object (second
argument). If the port is not specified in either argument, the default value of
8008
is used.
You can pass an options object as the second argument to start()
.
const defaultOptions = {
listenPort: 8008,
validHttpMethods: ['GET'],
validPaths: ['/solr/select'],
invalidParams: ['qt', 'stream'],
upstream: 'http://localhost:8983'
maxRows: 200,
maxStart: 1000
}
To enable TLS for your proxy, include an ssl
object within the options
object.
const options = {
ssl: {
key: fs.readFileSync('key.pem'),
cert: fs.readFileSync('cert.pem'),
}
}
const proxy = await SolrProxy.start(null, options);
Default Rules
solr-proxy has the following default rules:
- Reject any request methods other than GET
- Only allow the
/solr/select
path - Block requests with
qt
and stream.*
query parameters. - Reject requests with
rows
set to more than 200. - Reject requests with
start
set to more than 1000.
License
MIT
Related Reading