solr DoS protection

Our web ap开发者_如何学JAVAp has recently become the target of some DDoSers. We use solr and they managed to generate 100% load by searching for "**" every few seconds. Can someone tell me why that query takes tens of seconds to run, whereas everything else takes just milliseconds? Also, the code appends the user ID to the search so the query was "userid: 10 AND **", which shouldn't really slow down because that user only has 10 documents or so.

Does anyone know what's going on, and how we can best protect ourselves from it?

Thank you.

** gets interpreted by Solr as a query with leading and ending wildcard and since these is no defined field it lands on your default search field, which (as your said in the comments) is a big text field. So it ends up searching for everything which is probably why it takes so long.

Solution: filter out ** in your application before passing the query to Solr. You could even filter all * if you don't want to allow your users to issue any wildcard queries.