Sitecore Experience Platform

Protecting Solr over HTTP

Abstract

Describes how to add authentication to Solr web pages, including the admin page.

If you protect the Solr admin page with a user name and a password, you must configure Sitecore to use basic authentication when it makes a Solr request over HTTP.

Note

When Sitecore starts, it makes a Solr request to check that Solr is up and running.

You can control how Sitecore communicates with Solr by specifying the implementation of the IHttpWebRequestFactory interface of SolrNet that Sitecore uses.

You specify the implementation by patching the Sitecore.ContentSearch.DefaultSolrConfiguration.config file. The factory class for Solr HTTP requests is in the <solrHttpWebRequestFactory type="HttpWebAdapters.HttpWebRequestFactory, SolrNet" /> node.

SolrNet provides the following default implementations:

If you, for example, want to support basic authentication for accessing Solr, you must specify the solrHttpWebRequestFactory value in the following way:

<solrHttpWebRequestFactory type="HttpWebAdapters.BasicAuthHttpWebRequestFactory, SolrNet">
  <param hint="username">USERNAME</param>
  <param hint="password">PASSWORD</param>
</solrHttpWebRequestFactory>

where you specify the Solr USERNAME and PASSWORD that Sitecore uses in the HTTP request.