Apache Solr Documentation

6.5 Ref Guide (PDF Download)
Solr Tutorial
Solr Community Wiki

Older Versions of this Guide (PDF)

Ref Guide Topics

Meta-Documentation

*** As of June 2017, the latest Solr Ref Guide is located at https://lucene.apache.org/solr/guide ***

Please note comments on these pages have now been disabled for all users.

Skip to end of metadata
Go to start of metadata

When Solr RequestHandlers are accessed using path based URLs, the SolrQueryRequest object containing the parameters of the request may also contain a list of ContentStreams containing bulk data for the request. (The name SolrQueryRequest is a bit misleading: it is involved in all requests, regardless of whether it is a query request or an update request.)

Stream Sources

Currently RequestHandlers can get content streams in a variety of ways:

  • For multipart file uploads, each file is passed as a stream.
  • For POST requests where the content-type is not application/x-www-form-urlencoded, the raw POST body is passed as a stream. The full POST body is parsed as parameters and included in the Solr parameters.
  • The contents of parameter stream.body is passed as a stream.
  • If remote streaming is enabled and URL content is called for during request handling, the contents of each stream.url and stream.file parameters are fetched and passed as a stream.

By default, curl sends a contentType="application/x-www-form-urlencoded" header. If you need to test a SolrContentHeader content stream, you will need to set the content type with the "-H" flag.

RemoteStreaming

Remote streaming lets you send the contents of a URL as a stream to a given SolrRequestHandler. You could use remote streaming to send a remote or local file to an update plugin. For convenience, remote streaming is enabled in most of the example solrconfig.xml files included with Solr, however it is not recommended in a production situation with out additional security between you and untrusted remote clients.

#666666solid ]]>

The default behavior, when enableRemoteStreaming is not specified in solrconfig.xml is to not allow remote streaming (i.e., enableRemoteStreaming="false").

If you enableRemoteStreaming="true" is used, be aware that this allows anyone to send a request to any URL or local file. If DumpRequestHandler  is enabled, it will allow anyone to view any file on your system.

Debugging Requests

The implicit "dump" RequestHandler (see Implicit RequestHandlers) simply outputs the contents of the SolrQueryRequest using the specified writer type wt. This is a useful tool to help understand what streams are available to the RequestHandlers.

 

  • No labels

2 Comments

  1. This needs revision and if another version of 10.x guide goes out it should be revised there as well

    The following statement has apparently not been true for several years:

    "For security reasons, remote streaming is disabled in the solrconfig.xml included in the example directory."

    Note also that the line below it which is in the example solrconfig.xml says:

    enableRemoteStreaming="true"

    Thus it is enabled not disabled in the example solrconfig.xml

    See http://lucene.472066.n3.nabble.com/Security-hole-in-Solr-4-10-2-example-Solrconfig-turns-on-enableRemoteStreaming-tt4173835.html

    Tom

    1. yeah, good catch tom.

       

      i think the original author just got confused trying to explain the difference between the example configs where we've had enableRemoteStreaming="true"for a long time) vs the default behavior in solr when enableRemoteStreaming doesn't appear in the config at all – that's always been "false"

       

      I've attempted to clarify this.