lucene-solr-user mailing list archives

From Michael Della Bitta <michael.della.bi...@appinions.com>
Subject Re: Limit the SolR acces from the web for one user-agent?
Date Fri, 09 Nov 2012 18:37:55 GMT
Another option is to use HTTP auth, which would involve modifying
web.xml in the Solr WAR and configuring a user in your container.

Unfortunately, this won't work with distributed queries.

Michael Della Bitta

------------------------------------------------
Appinions
18 East 41st Street, 2nd Floor
New York, NY 10017-6271

www.appinions.com

Where Influence Isn’t a Game


On Thu, Nov 8, 2012 at 11:23 PM, Alexandre Rafalovitch
<arafalov@gmail.com> wrote:
> I haven't _done_ this myself, but I believe it is a well supported
> scenario. See, for example,
> http://httpd.apache.org/docs/2.4/ssl/ssl_howto.html#accesscontrol
> and
> http://stackoverflow.com/questions/1666052/java-https-client-certificate-authentication
>
> Basically, you create a set of self-signed certificates and then your
> client has to encrypt the connection and provide the certificate. Somebody
> with access to the client can probably still break it and get the
> certificates out, but it is quite a bit harder than just running a
> Wireshark on the same (or even other) machine and checking what custom
> header is being used.
>
> This is no longer a SOLR question, but I am sure StackOverflow can help
> with more specific issues, if needed.
>
> Regards,
>    Alex.
>
> Personal blog: http://blog.outerthoughts.com/
> LinkedIn: http://www.linkedin.com/in/alexandrerafalovitch
> - Time is the quality of nature that keeps events from happening all at
> once. Lately, it doesn't seem to be working.  (Anonymous  - via GTD book)
>
>
> On Thu, Nov 8, 2012 at 10:08 PM, Floyd Wu <floyd.wu@gmail.com> wrote:
>
>> Hi Alex, I'd like to know how to "using Client and Server Certificates to
>> protect
>> the connection and embedding those certificates into clients?"
>>
>> Please kindly share your experience.
>>
>> Floyd
>>
>>
>> 2012/11/8 Alexandre Rafalovitch <arafalov@gmail.com>
>>
>> > It is very easy to do this on Apache, but you need to be aware that
>> > User-Agent is extremely easy to both sniff and spoof.
>> >
>> > Have you thought of perhaps using Client and Server Certificates to
>> protect
>> > the connection and embedding those certificates into clients?
>> >
>> > Regards,
>> >    Alex.
>> >
>> > Personal blog: http://blog.outerthoughts.com/
>> > LinkedIn: http://www.linkedin.com/in/alexandrerafalovitch
>> > - Time is the quality of nature that keeps events from happening all at
>> > once. Lately, it doesn't seem to be working.  (Anonymous  - via GTD book)
>> >
>> >
>> > On Thu, Nov 8, 2012 at 9:39 AM, Bruno Mannina <bmannina@free.fr> wrote:
>> >
>> > > Dear All,
>> > >
>> > > I'm using an external program (my own client) to access my
>> > > Apache-SolR database.
>> > > I would like to restrict the SOLR access to a specific User-Agent
>> > (defined
>> > > in my program).
>> > >
>> > > I would like to know if it's possible to do that directly in SolR
>> config
>> > > or I must
>> > > process that in the Apache server?
>> > >
>> > > My program only does requests like this (i.e.):
>> > > http://xxx.xxx.xxx.xxx:pp/solr/select/?q=ap%3Afuelcell&version=2.2&start=0&rows=10&indent=on
>> > >
>> > > I can add on my HTTP component properties a User-Agent, Log, Pass,
>> > > etc... like a standard Http connection.
>> > >
>> > > To complete: my soft is distributed to several users and I would like to
>> > > limit the SOLR access to these users and with my program.
>> > > FireFox, Chrome, I.E. will be unauthorized.
>> > >
>> > > thanks for your comment or help,
>> > > Bruno
>> > >
>> > > Ubuntu 12.04LTS
>> > > SolR 3.6
>> > >
>> >
>>
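
The HTTP auth option from the reply at the top of this message, written out as an added example (it is not from any poster in the thread or from the Solr project). It assumes the container is Tomcat and that an HTTPS connector is already configured; the role name `solr-client`, the realm name and the user entry are hypothetical placeholders.

```xml
<!-- File 1: WEB-INF/web.xml inside the Solr WAR (servlet-spec elements).
     Place these inside the existing <web-app> element. -->

<!-- Require an authenticated user in the (hypothetical) role "solr-client"
     for every Solr URL, including /select and /update. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Solr</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>solr-client</role-name>
  </auth-constraint>
  <!-- BASIC auth only base64-encodes the password, so insist on TLS.
       Assumption: the container has an HTTPS connector; without one,
       requests covered by this constraint cannot be served. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Solr</realm-name>
</login-config>

<security-role>
  <role-name>solr-client</role-name>
</security-role>

<!-- File 2: the user, configured in the container. Assumption: Tomcat,
     whose default realm reads conf/tomcat-users.xml. The two entries below
     go inside its <tomcat-users> element. Username and password are
     placeholders; do not ship a shared password in every client build. -->
<role rolename="solr-client"/>
<user username="PLACEHOLDER_USER" password="PLACEHOLDER_PASSWORD"
      roles="solr-client"/>
```

A credential embedded in a distributed client can be extracted by anyone who has the client, the same limit noted earlier in the thread for embedded certificates, and the distributed-query caveat from the reply still applies.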
