Securing Solr on Tomcat

September 10, 2012 § Leave a comment

Note: Throughout this document the reference [Tomcat install dir] is the directory where Tomcat is installed. Typically, this is C:\Program Files\Apache Software Foundation\Tomcat 7.0 or C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0.

Restricting access using a user account

  1. Open [Tomcat install dir]\tomcat-users.xml for editing.
  2. Add the following lines within the <tomcat-user> element and save the changes (using your own username and password):
    <role rolename="solr_admin"/>
    <user username="your_username"

    Open [Tomcat install dir]\webapps\solr\WEB-INF\web.xml for editing.

    “solr” in the path is the name of the instance you want to secure. Typically this is “solr,” but may be different if you are running an advanced setup.

  3. Add the following lines within the <web-app> element:
          <web-resource-name>Solr Lockdown</web-resource-name>
  4. Save the changes and restart Tomcat. Test your changes by starting a new browser session and navigating to your site, for ex. http://localhost:8080/solr/. You should be prompted for credentials.
  5. Download the following communityserver_override.config file.
  6. Place this file in the root of your Web site directory.
  7. Find the section in this file which is highlighted below and change it to read
    replacing “your_username” and “your_password” and the host URI with the configured values

    <Override xpath="/CommunityServer/Search/Solr"
              value="<span style="background-color:#ffff00;">http://localhost:8080/solr</span>"
  8. Save changes.

Restricting by IP Address

You can work with your IT department to limit connections, but in the case this is not an option you can enforce connection rules using Tomcat configuration.

  1. Open the solr.xml file in [Tomcat Install Dir]/conf/Catalina/localhost/. Create the file if it does not exist.

    The name of the file should match your instance name. A typical setup is running Solr at http://localhost:8080/solr, so the file should be named solr.xml (all lowercase, case-sensitive characters). If you set up Solr to run at a different location, e.g., http://localhost/solr1, the file must be named solr1.xml.

  2. Add the following snippet to the file, but update the docBase value with the path to where your solr.war file resides. Typically this would be [Tomcat install dir]/webapps/.

    For example, the following example only allows local connections from the local computer and connections from

    <Context docBase="C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\solr.war"
             debug="0" crossContext="true"> 
     <Valve className="org.apache.catalina.valves.RemoteAddrValve"
            allow="," /> 
  3. Save your work and restart Tomcat.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

What’s this?

You are currently reading Securing Solr on Tomcat at Naik Vinay.


%d bloggers like this: