I haven't _done_ this myself, but I believe it is a well supported scenario. See, for example, http://httpd.apache.org/docs/2.4/ssl/ssl_howto.html#accesscontrol and http://stackoverflow.com/questions/1666052/java-https-client-certificate-authentication
Basically, you create a set of self-signed certificates and then your client has to encrypt the connection and provide the certificate. Somebody with access to the client can probably still break it and get the certificates out, but it is quite a bit harder than just running a Wireshark on the same (or even other) machine and checking what custom header is being used. This is no longer a SOLR question, but I am sure StackOverflow can help with more specific issues, if needed. Regards, Alex. Personal blog: http://blog.outerthoughts.com/ LinkedIn: http://www.linkedin.com/in/alexandrerafalovitch - Time is the quality of nature that keeps events from happening all at once. Lately, it doesn't seem to be working. (Anonymous - via GTD book) On Thu, Nov 8, 2012 at 10:08 PM, Floyd Wu <floyd...@gmail.com> wrote: > Hi Alex, I'd like to know how to "using Client and Server Certificates to > protect > the connection and embedding those certificates into clients?" > > Please kindly share your experience. > > Floyd > > > 2012/11/8 Alexandre Rafalovitch <arafa...@gmail.com> > > > It is very easy to do this on Apache, but you need to be aware that > > User-Agent is extremely easy to both sniff and spoof. > > > > Have you thought of perhaps using Client and Server Certificates to > protect > > the connection and embedding those certificates into clients? > > > > Regards, > > Alex. > > > > Personal blog: http://blog.outerthoughts.com/ > > LinkedIn: http://www.linkedin.com/in/alexandrerafalovitch > > - Time is the quality of nature that keeps events from happening all at > > once. Lately, it doesn't seem to be working. (Anonymous - via GTD book) > > > > > > On Thu, Nov 8, 2012 at 9:39 AM, Bruno Mannina <bmann...@free.fr> wrote: > > > > > Dear All, > > > > > > I'm using an external program (my own client) to access to my > Apache-SolR > > > database. > > > I would like to restrict the SOLR access to a specific User-Agent > > (defined > > > in my program). > > > > > > I would like to know if it's possible to do that directly in SolR > config > > > or I must > > > process that in the Apache server? > > > > > > My program do only requests like this (i.e.): > > > http://xxx.xxx.xxx.xxx:pp/**solr/select/?q=ap%3Afuelcell&** > > > version=2.2&start=0&rows=10&**indent=on > > > > > > I can add on my HTTP component properties an User-Agent, Log, Pass, > > etc... > > > like a standard Http connection. > > > > > > To complete: my soft is distribued to several users and I would like to > > > limit the SOLR access to these users and with my program. > > > FireFox, Chrome, I.E. will be unauthorized. > > > > > > thanks for your comment or help, > > > Bruno > > > > > > Ubuntu 12.04LTS > > > SolR 3.6 > > > > > >
