Another option is to use HTTP auth, which would involve modifying web.xml in the Solr WAR and configuring a user in your container.
Unfortunately, this won't work with distributed queries.

Michael Della Bitta

------------------------------------------------
Appinions
18 East 41st Street, 2nd Floor
New York, NY 10017-6271

www.appinions.com

Where Influence Isn’t a Game

On Thu, Nov 8, 2012 at 11:23 PM, Alexandre Rafalovitch <arafa...@gmail.com> wrote:

> I haven't _done_ this myself, but I believe it is a well supported
> scenario. See, for example,
> http://httpd.apache.org/docs/2.4/ssl/ssl_howto.html#accesscontrol
> and
> http://stackoverflow.com/questions/1666052/java-https-client-certificate-authentication
>
> Basically, you create a set of self-signed certificates and then your
> client has to encrypt the connection and provide the certificate. Somebody
> with access to the client can probably still break it and get the
> certificates out, but it is quite a bit harder than just running a
> Wireshark on the same (or even other) machine and checking what custom
> header is being used.
>
> This is no longer a SOLR question, but I am sure StackOverflow can help
> with more specific issues, if needed.
>
> Regards,
> Alex.
>
> Personal blog: http://blog.outerthoughts.com/
> LinkedIn: http://www.linkedin.com/in/alexandrerafalovitch
> - Time is the quality of nature that keeps events from happening all at
> once. Lately, it doesn't seem to be working. (Anonymous - via GTD book)
>
> On Thu, Nov 8, 2012 at 10:08 PM, Floyd Wu <floyd...@gmail.com> wrote:
>
>> Hi Alex, I'd like to know how to "using Client and Server Certificates to
>> protect the connection and embedding those certificates into clients?"
>>
>> Please kindly share your experience.
>>
>> Floyd
>>
>> 2012/11/8 Alexandre Rafalovitch <arafa...@gmail.com>
>>
>> > It is very easy to do this on Apache, but you need to be aware that
>> > User-Agent is extremely easy to both sniff and spoof.
>> >
>> > Have you thought of perhaps using Client and Server Certificates to
>> > protect the connection and embedding those certificates into clients?
>> >
>> > Regards,
>> > Alex.
>> >
>> > Personal blog: http://blog.outerthoughts.com/
>> > LinkedIn: http://www.linkedin.com/in/alexandrerafalovitch
>> > - Time is the quality of nature that keeps events from happening all at
>> > once. Lately, it doesn't seem to be working. (Anonymous - via GTD book)
>> >
>> > On Thu, Nov 8, 2012 at 9:39 AM, Bruno Mannina <bmann...@free.fr> wrote:
>> >
>> > > Dear All,
>> > >
>> > > I'm using an external program (my own client) to access my Apache-SolR
>> > > database.
>> > > I would like to restrict the SOLR access to a specific User-Agent
>> > > (defined in my program).
>> > >
>> > > I would like to know if it's possible to do that directly in SolR
>> > > config or I must process that in the Apache server?
>> > >
>> > > My program does only requests like this (i.e.):
>> > > http://xxx.xxx.xxx.xxx:pp/solr/select/?q=ap%3Afuelcell&version=2.2&start=0&rows=10&indent=on
>> > >
>> > > I can add on my HTTP component properties a User-Agent, Log, Pass,
>> > > etc... like a standard Http connection.
>> > >
>> > > To complete: my soft is distributed to several users and I would like to
>> > > limit the SOLR access to these users and with my program.
>> > > FireFox, Chrome, I.E. will be unauthorized.
>> > >
>> > > Thanks for your comment or help,
>> > > Bruno
>> > >
>> > > Ubuntu 12.04LTS
>> > > SolR 3.6
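
The two approaches discussed in this thread, written out as an added Apache httpd configuration that does not come from any of the posters: the User-Agent filter from the original question beside the client-certificate requirement suggested in the reply. It assumes Apache 2.4 syntax with mod_setenvif, mod_proxy_http and mod_ssl loaded; the host name, file paths, the `MyClient/1.0` agent string and the Solr backend address `127.0.0.1:8983` are all assumptions.

```apache
# Added example. Host name, paths, agent string and backend address are
# assumed values, not taken from the thread.

# --- Weak: allow by User-Agent -------------------------------------------
# The header crosses the network in clear text on plain HTTP and any client
# can send the same string, so this only keeps out casual browser visits.
<VirtualHost *:80>
    ServerName solr.example.com

    # Set the variable only when the header matches the expected string
    SetEnvIf User-Agent "^MyClient/1\.0$" allowed_client

    <Location "/solr/select">
        Require env allowed_client
    </Location>

    # Expose only the select handler, not the admin or update handlers
    ProxyPass        "/solr/select" "http://127.0.0.1:8983/solr/select"
    ProxyPassReverse "/solr/select" "http://127.0.0.1:8983/solr/select"
</VirtualHost>

# --- Stronger: TLS with a required client certificate --------------------
# The TLS handshake fails unless the client presents a certificate signed
# by the private CA below, and the traffic is encrypted on the wire.
<VirtualHost *:443>
    ServerName solr.example.com

    SSLEngine on
    SSLCertificateFile    "/etc/apache2/ssl/server.crt"
    SSLCertificateKeyFile "/etc/apache2/ssl/server.key"

    # CA that signed the certificates embedded in the distributed clients
    SSLCACertificateFile  "/etc/apache2/ssl/clients-ca.crt"
    SSLVerifyClient require
    SSLVerifyDepth  1

    ProxyPass        "/solr/select" "http://127.0.0.1:8983/solr/select"
    ProxyPassReverse "/solr/select" "http://127.0.0.1:8983/solr/select"
</VirtualHost>

# Either variant only helps if Solr's own port is bound to the loopback
# interface or firewalled, so that Apache is the only path to it.
```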