Overview
Opensolr provides multiple layers of security to protect your Solr index data. You can use HTTP Authentication, IP-based access rules, and SSL encryption — individually or combined — to ensure only authorized clients can access your index.
How to Enable HTTP Authentication
- Log in to the Opensolr Control Panel.
- Click on your index name to open its management page.
- Navigate to the Security tab.
- Under Manage HTTP Auth Credentials, set your desired username and password.
- Save your changes. HTTP Authentication is now active on your index.
Once enabled, every request to your index (including /select, /update, and all other request handlers) will require valid HTTP Basic Authentication credentials.
Using HTTP Auth in Your Application
When HTTP Auth is enabled, include your credentials in every request. For example, with curl:
curl -u "your-username:your-password" \
"https://YOUR_SOLR_HOST/solr/YOUR_INDEX/select?q=*:*"
Most Solr client libraries (Solarium, SolrJ, pysolr, etc.) support HTTP Basic Authentication in their configuration.
IP-Based Access Rules
In addition to HTTP Auth, you can restrict access to specific request handlers based on IP address:
- Navigate to the Security tab in your index management page.
- Under Add new Access IP Address, you can define which IP addresses are allowed to access specific request handlers (/select, /update, etc.).
- By default, the wildcard "all" is set, meaning all IP addresses can access all request handlers.
- You can restrict /update to only your server IP while leaving /select open, for example.
This is useful for ensuring that only your backend servers can write to the index, while read access may be broader.
SSL Encryption
All connections throughout the Opensolr platform — including the website and all Solr cluster servers — are secured with SSL/TLS encryption. This means your data and credentials are encrypted in transit at all times. No additional configuration is needed; simply use https:// URLs.
Security Best Practices
- Always enable HTTP Auth if your index contains sensitive or proprietary data.
- Restrict /update access to your server IPs only — this prevents unauthorized data modification.
- Use strong credentials and rotate them periodically.
- Never expose credentials in client-side JavaScript. Proxy Solr requests through your backend.
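The last practice above, as an added example (not Opensolr's own code): a backend function that keeps the HTTP Auth credentials server-side and forwards only allowlisted /select parameters. The SOLR_* environment variable names, the parameter allowlist and the row cap are assumptions; the host and index are the placeholders from the curl example.

```python
import base64
import os
from urllib.parse import parse_qsl, urlencode
from urllib.request import Request, urlopen

# Assumed configuration: hypothetical environment variable names; the defaults
# are the placeholders from the curl example, not real values.
SOLR_BASE = os.environ.get("SOLR_BASE", "https://YOUR_SOLR_HOST/solr/YOUR_INDEX")
SOLR_USER = os.environ.get("SOLR_USER", "your-username")
SOLR_PASS = os.environ.get("SOLR_PASS", "your-password")

ALLOWED_PARAMS = {"q", "fq", "sort", "start", "rows"}  # assumed allowlist
MAX_ROWS = 50  # assumed cap on page size


def build_select_request(browser_query: str) -> Request:
    """Build the authenticated /select request for a browser query string."""
    params = []
    for key, value in parse_qsl(browser_query):
        if key not in ALLOWED_PARAMS:
            continue  # anything the browser sends outside the allowlist is dropped
        if key in ("start", "rows"):
            if not (value.isascii() and value.isdigit() and len(value) <= 6):
                continue
            if key == "rows":
                value = str(min(int(value), MAX_ROWS))
        params.append((key, value))
    if not any(key == "q" for key, _ in params):
        raise ValueError("missing q parameter")
    params.append(("wt", "json"))  # response format is fixed by the server
    # The handler is hard-coded: this function only ever calls /select.
    url = f"{SOLR_BASE}/select?{urlencode(params)}"
    token = base64.b64encode(f"{SOLR_USER}:{SOLR_PASS}".encode()).decode()
    return Request(url, headers={"Authorization": f"Basic {token}"})


def proxy_search(browser_query: str) -> bytes:
    """Call from a backend route handler; returns Solr's JSON response body."""
    with urlopen(build_select_request(browser_query), timeout=5) as resp:
        return resp.read()
```

The browser only ever talks to your backend route, so the username and password never appear in page source or in network traffic visible to the client.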
Need help configuring security for your index? Contact Us and we will assist you.