Wednesday, March 2, 2011

Setting Security in Solr running on Jetty using IP Filtering

We're are using Jetty as a container for Solr and we've been configuring it heavily first for setting it up as a service and later for adding security. We considered the following options for securing the Solr instance

1. IP Filtering
2. Basic Username/Password authentication

We eventually went with IP filtering. IP filtering can be achieved by using the HTAccessHandler. To use the handler you need a .htaccess file which tells Jetty which IPs to allow or block. So your .htaccess file will look

satisfy all
order deny, allow
deny from all
allow from

Allowing from localhost or doesn't work in Jetty 6 and I don't think Mortbay is supporting Jetty 6 anymore. With out of the box Solr configuration, Jetty explodes the solr.war file in the webapps folder to load Solr. However, I unzipped the war file (which is essentially a zip file) in to folder named solr in the webapps folder.

Next, you need to create a solr.xml file that tells Jetty to load a custom context.

<Configure id="solr" class="org.mortbay.jetty.webapp.WebAppContext">
    <Set name="resourceBase"><SystemProperty name="jetty.home" default="."/>/webapps/solr</Set>
    <Set name="contextPath">/solr</Set>
    <Call name="setSecurityHandler">
            <New class="">
                <Set name="protegee">
                    <Ref id="solr"/>
You can place this file in webapps/solr

Now comment out the redundant deployer org.mortbay.jetty.deployer.WebAppDeployer in etc/jetty.xml. Now, start up solr using java -jar start.jar and you now have a secure Solr instance.


  1. doesnt work for me :((

  2. Are you trying to access from localhost? What exactly is the problem?