Protecting Solr over HTTP

Current version: 9.2

If you protect the Solr admin page with a user name and a password, you must configure Sitecore to use basic authentication when it makes a Solr request over HTTP.


When Sitecore starts, it makes a Solr request to check that Solr is up and running.

You can control how Sitecore communicates with Solr by specifying the implementation of the IHttpWebRequestFactory interface of SolrNet that Sitecore uses.

You specify the implementation by patching the Sitecore.ContentSearch.DefaultSolrConfiguration.config file. The factory class for Solr HTTP requests is in the <solrHttpWebRequestFactory type="HttpWebAdapters.HttpWebRequestFactory, SolrNet" /> node.

SolrNet provides the following default implementations:

If you, for example, want to support basic authentication for accessing Solr, you must specify the solrHttpWebRequestFactory value in the following way:

For Sitecore versions prior to Sitecore 9, update 2:

<solrHttpWebRequestFactory type="HttpWebAdapters.BasicAuthHttpWebRequestFactory, SolrNet">
  <param hint="username">USERNAME</param>
  <param hint="password">PASSWORD</param>

where you specify the Solr USERNAME and PASSWORD that Sitecore uses in the HTTP request.

For later Sitecore versions, you must specify USERNAME and PASSWORD in the connection string like this:

<add name="" connectionString="" />

Do you have some feedback for us?

If you have suggestions for improving this article,