Protecting Solr over HTTP

Last updated Monday, April 16, 2018 in Sitecore Experience Platform for Developer, Administrator

If you protect the Solr admin page with a user name and a password, you must configure Sitecore to use basic authentication when it makes a Solr request over HTTP.


When Sitecore starts, it makes a Solr request to check that Solr is up and running.

You can control how Sitecore communicates with Solr by specifying the implementation of the IHttpWebRequestFactory interface of SolrNet that Sitecore uses.

You specify the implementation by patching the Sitecore.ContentSearch.DefaultSolrConfiguration.config file. The factory class for Solr HTTP requests is in the <solrHttpWebRequestFactory type="HttpWebAdapters.HttpWebRequestFactory, SolrNet" /> node.

SolrNet provides the following default implementations:

If you, for example, want to support basic authentication for accessing Solr, you must specify the solrHttpWebRequestFactory value in the following way:

<solrHttpWebRequestFactory type="HttpWebAdapters.BasicAuthHttpWebRequestFactory, SolrNet">
      <param hint="username">USERNAME</param>
      <param hint="password">PASSWORD</param>

where you specify the Solr USERNAME and PASSWORD that Sitecore uses in the HTTP request.

Send feedback about the documentation to