No Solr API, including the Admin UI, is designed to be exposed to non-trusted parties. Tune your firewall so that only trusted computers and people are allowed access. Because of this, the project will not regard e.g., Admin UI XSS issues as security vulnerabilities. However, we still ask you to report such issues in JIRA.
When planning how to secure Solr, you should consider which of the available features or approaches are right for you:
Encrypting traffic to/from Solr and between Solr nodes prevents sensitive data to be leaked out on the network. TLS is also normally a requirement to prevent credential sniffing when using Authentication.
See the section Enabling SSL for details.
Use the Security UI screen in the Admin UI to manage users, roles, and permissions.
See section Configuring Authentication and Authorization to learn how to work with the
Authentication makes sure you know the identity of your users. The authentication plugins that ship with Solr are:
Audit logging will record an audit trail of incoming reqests to your cluster, such as users being denied access to admin APIs. Learn more about audit logging and how to implement an audit logger plugin in the section Audit Logging.
Restrict network access to specific hosts, by setting
SOLR_IP_DENYLIST via environment variables or in
# Allow IPv4/IPv6 localhost, the 192.168.0.x IPv4 network, and 2000:123:4:5:: IPv6 network.
SOLR_IP_ALLOWLIST="127.0.0.1, [::1], 192.168.0.0/24, [2000:123:4:5::]/64"
# Explicitly deny access to two problematic hosts.
ZooKeeper is a central and important part of a SolrCloud cluster and understanding how to secure its content is covered in the section ZooKeeper Access Control.
Administrators should consider their security setup carefully as an important step in moving to production. Solr provides a number of features out of the box to meet the security needs of users: authentication and authorization can be configured using a range of security plugins, privacy can be bolstered by enabling SSL/TLS, and (in SolrCloud) ZooKeeper data can be protected with ACL rules to prevent unauthorized reads and writes.
Even if these measures or others are taken, it is strongly recommended that Solr always be protected by a firewall. Solr is not designed to be exposed on the open internet.
It is also strongly recommended that Solr listen to only those network interfaces that are strictly required.
To prevent administrators from unintentionally exposing Solr more broadly, Solr only listens on the loopback interface ("127.0.0.1") by default.
Most deployments will need to change this value to something less restrictive so that it can be reached from other boxes.
This can be done by setting a
SOLR_JETTY_HOST value in your environment’s "include script" (