[toc]
Notes:
As of release 9.0, Solr 4.10.1 - which is included in the package - is a requirement.
Throughout this document, the reference [Tomcat install dir] is the directory where Tomcat is installed. Typically, this location is C:\Program Files\Apache Software Foundation\Tomcat 6.0 or C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0.
Restricting access to Solr with a user account
-
Open the [Tomcat install dir]\tomcat-users.xml for editing.
-
Add the following lines within the <tomcat-user> element and save the changes (using your own username and password):
<role rolename="solr_admin"/>
<user username="your_username"
password="your_password"
roles="solr_admin"
/>Open [Tomcat install dir]\webapps\solr\WEB-INF\web.xml for editing.
"solr" in the path is the name of the instance you want to secure. Typically this is called "solr," but could be different if you are running an advanced setup.
-
Add the following lines within the <web-app> element:
<security-role>
<role-name>solr_admin</role-name>
</security-role>
<security-constraint> <web-resource-collection> <web-resource-name>Solr Lockdown</web-resource-name> <url-pattern>/</url-pattern> </web-resource-collection> <auth-constraint> <role-name>solr_admin</role-name> <role-name>admin</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>Solr</realm-name> </login-config>Save the changes and restart Tomcat. Test your changes by starting a new browser session and navigating to your site, for ex. http://localhost:8080/solr/. You should be prompted for credentials.
-
Download the following communityserver_override.config file.
-
Place this file in the root of your website directory.
-
Find the section in this file which is highlighted below:
<Override xpath="/CommunityServer/Search/Solr"
Change it to read: http://your_username:your_password@localhost:8080/solr/content
mode="change"
name="host"
value="http://localhost:8080/solr/content"
/>
replacing "your_username" and "your_password" and the host URI with the configured values -
Save changes.
Restricting access to Solr by whitelisting an IP address
You can work with your IT department to limit connections, but if this kind of restriction is not an option you can enforce connection rules using Tomcat configuration.
-
Open the solr.xml file in [Tomcat Install Dir]/conf/Catalina/localhost/. Create the file if it does not exist.
The name of the file should match your instance name. A typical setup is running Solr at http://localhost:8080/solr, so the file should be named solr.xml (all lowercase, case-sensitive characters). If you set up Solr to run at a different location, for example, http://localhost/solr1, the file must be named solr1.xml.
-
Add the code snippet below to the file, but update the docBase value with the path to where your solr.war file resides. (Typically, this would be [Tomcat install dir]/webapps/.)
For example, the following example only allows local connections from the local computer and connections from 127.0.0.1 and 172.15.1.1:<Context docBase="C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\solr.war"
debug="0" crossContext="true">
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127.0.0.1,172.15.1.1" />
</Context> -
Save your work and restart Tomcat.