There are reports that POST queries are returning 403 errors for operations such as index clears and reindexing. The specific error is listed below:
Apache_Solr_HttpTransportException: '403' Status: Forbidden in Apache_Solr_Service->_sendRawPost() (line 364 of sites/all/libraries/SolrPhpClient/Apache/Solr/Service.php).
This indicates that the POST queries aren't routed through SearchApiAcquiaSearchHttpTransport::performHttpRequest() causing 403 errors. (Thanks Nick_vh!) This method adds the access parameters to the query so that it authenticates using Acquia Search's HMAC authentication mechanism.
Comment | File | Size | Author |
---|---|---|---|
#6 | indexing-403-1678152-6.patch | 630 bytes | cpliakas |
#4 | debug-1678152-4.patch | 737 bytes | cpliakas |
Comments
Comment #1
cpliakas CreditAttribution: cpliakas commentedClosing as cannot reproduce. The reporter apparently was using something other than the code in this module.
Comment #2
kenorb CreditAttribution: kenorb commentedThe same problems.
Solr retrurns a 403 at times. No pattern detected yet. Happened a couple of times during the 3 hours when testing the search. No configuration was changed during the period. No code changes either.
The error reads "SearchApiException: An error occurred while trying to search with Solr: '403' Status: Forbidden. in SearchApiSolrService->search() (line 607 of modules/search_api_solr/service.inc)." - on the search pages
At the same time when you try to index the content, it throws an error:
An AJAX HTTP error occurred. HTTP Result Code: 500 Debugging information follows. Path: /batch?id=150&op=do StatusText: Service unavailable (with message) ResponseText: Apache_Solr_HttpTransportException: '403' Status: Forbidden in Apache_Solr_Service->_sendRawPost() (line 364 of libraries/SolrPhpClient/Apache/Solr/Service.php).
The Search API configuration page reports that the solr server is available and in good health.
Search API Modules:
Workaround:
Setting the number of content to index to 1, run the index and then set it back to 50.
Related:
https://forums.acquia.com/acquia-products-and-services/dev-desktop/solr4...
#1708336: SearchApiException: An error occurred while trying to search with Solr: 400 Status: Bad Request.
Comment #3
ryan.gibson CreditAttribution: ryan.gibson commentedThis is happening to me as well. Access denied on search.
Comment #4
cpliakas CreditAttribution: cpliakas commentedLet's see if we can capture the pattern when searching. The attached patch will log a watchdog message with the appropriate info so we can detect the error. If you want to post the info here, make sure it is sanitized. Otherwise it might be safer to post it in a support ticket.
Comment #5
cpliakas CreditAttribution: cpliakas commentedAfter receiving some more info about this, it could be because Search API isn't updating the timestamp on post requests, so Acquia Search thinks that there is a replay attack. Just a guess, but looking at some Solr logs there is evidence to believe that this is the case. Investigating further.
Comment #6
cpliakas CreditAttribution: cpliakas commentedKind of a shot in the dark, but if Search API isn't batching the requests then the timestamp might be stale. The attached patch swaps out the
REQUEST_TIME
constant for thetime()
function. I would appreciate testers who are experiencing this issue to privide feedback on whether this works or not. At the very least this will help us rule out this assumption.Thanks,
Chris
Comment #7
rikvd CreditAttribution: rikvd commentedthe path to reproduce is to run a batch for massdeleting nodes that are indexed trough acquia SOLR using for example this script, for over 1500 nodes.
the patch mentioned in #6 fixed the problem.
Comment #8
cpliakas CreditAttribution: cpliakas commentedrikvd,
Thanks for the steps to reproduce and confirming that the patch fixes the issue!
Committed at http://drupalcode.org/project/search_api_acquia.git/commit/3ef80e5 which will be reflected in the upcoming beta3 release.
Chris
Comment #9
cpliakas CreditAttribution: cpliakas commentedComment #10.0
(not verified) CreditAttribution: commentedUpdated issue summary.