Force restriction of number of returned documents ES-wide (using filtered aliases?)


(Fin Sekun) #1

Hi,

I am securing an ES installation and am trying to restrict the number of returned
documents by configuration (for all ES queries). It's possible to use
filtered aliases
(http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/indices-aliases.html),
but I cannot find a working syntax with a "size" filter. The "limit" filter
isn't suitable, see e.g.
https://stackoverflow.com/questions/21444623/elasticsearch-limit-filter-ambiguity
for the difference.

Is it possible to create an index alias with a "size" restriction?
If not: How do you restrict the max. number of results ES-wide to prevent
DoS?

Thank you, rgds
Fin

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/317c7822-d6ce-43be-9645-eaccda6f08ff%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


(Adrien Grand) #2

Hi,

The only way to implement it today would be on the client side. However, I
think this would be an interesting feature given that while Elasticsearch
is fast at retrieving the top hits, going deeper in the result set can use
lots of resources (both CPU-wise and memory-wise).

Can you open an issue on GitHub to suggest that this feature be implemented?

--
Adrien Grand



(Fin Sekun) #3

Done: https://github.com/elasticsearch/elasticsearch/issues/5774

If anybody knows a server-side workaround, please let me know.
Client-side isn't suitable because my app is a RIA application (HTML + JS
framework), so the complete API will be exposed to the public, and without
the restriction, users with malicious intent are able to create DoS-like requests :(
But this would have to be a common problem, I wonder how other people solve
it...

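One server-side way to enforce the cap asked about in this thread is a proxy in front of Elasticsearch that rewrites the paging parameters of each search request. The following is an added example, not code from any poster or from Elasticsearch; `MAX_SIZE`, `MAX_WINDOW` and the function names are assumptions, and keeping the smaller value when `size` or `from` appears in both the URL and the body is this example's own policy.

```javascript
// Added example (not from the thread): clamp the paging parameters of a search
// request in a proxy placed in front of Elasticsearch.
// MAX_SIZE and MAX_WINDOW are assumed policy values chosen for illustration.
const MAX_SIZE = 100;    // most hits a single request may return
const MAX_WINDOW = 1000; // deepest result position (from + size) allowed

// Accept only non-negative integers given as a number or a numeric string.
function toCount(value) {
  if (typeof value === "string" && value.trim() !== "") value = Number(value);
  return Number.isInteger(value) && value >= 0 ? value : null;
}

// Smallest valid value among the URL parameter and the body field, else the default.
function pick(params, body, key, fallback) {
  const seen = [params.get(key), body[key]].map(toCount).filter((v) => v !== null);
  return seen.length ? Math.min(...seen) : fallback;
}

// Returns the query string and JSON body to forward. Throws on a body that is
// not a JSON object, so the proxy can answer 400 instead of forwarding it.
function clampSearchRequest(queryString, bodyText) {
  const params = new URLSearchParams(queryString);
  const body = bodyText.trim() === "" ? {} : JSON.parse(bodyText);
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    throw new TypeError("search body must be a JSON object");
  }
  // 10 is the size Elasticsearch uses when none is given.
  const size = Math.min(pick(params, body, "size", 10), MAX_SIZE);
  const from = Math.min(pick(params, body, "from", 0), MAX_WINDOW - size);
  // Keep one authoritative copy: strip the URL parameters, set the body fields.
  params.delete("size");
  params.delete("from");
  body.size = size;
  body.from = from;
  return { query: params.toString(), body: JSON.stringify(body) };
}

// Constructed sample: a request asking for a very large page, very deep in the results.
const sample = clampSearchRequest(
  "size=1000000&pretty=true",
  '{"query":{"match_all":{}},"from":500000}'
);
console.log(sample.query, sample.body);
```

Scroll, multi-search and aggregation sizes are not covered by this check; a proxy using it would also need to block or separately limit those endpoints.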

