Consider filtering http referrer headers

[dergachev]

Potentially, all valid ajax-solr requests will include a site-specific referrer; eg http://dl-web.dropbox.com/u/29440342/screenshots/JOCFWY-2013.5.7-12.29.png

@ivanistheone suggested to potentially block all requests without a valid referrer

This would prevent other websites from "hotlinking" our solr... unless they're running their own solr proxy.

[frank-dspeed]

you can write your referer check external as nodejs module or else and then if referer valid then proxy to proxy else give denied i think this can be closed.

[frank-dspeed]

oh sorry and one extra information for you only because you maybe don't know it.

The client sends the headers like referer so this can be manipulated via user side i do this realy often to do cross site hijacking. example simply use crul with some parms that put in a referer you will be suprised 💃