April 13, 2021

By default, Solr has no Authentication or Authorization configured, which is convenient for development but dangerous for deployment. Once a Solr cluster has been configured to limit access via Authentication and Authorization, credentials are required for any access to the system.

However, it is possible to restrict access to most features of a Solr cluster while leaving specific endpoints available for anonymous use.

Allowing Anonymous Access to Solr

First, you need to allow anonymous access to Solr by disabling the blockUnknown configuration parameter using the Authentication API. Simply set blockUnknown to false using the authentication endpoint on the instance:

echo '{"set-property": {"blockUnknown":false}}' | http 'https://solr.aaronwalker.dev:8983/solr/admin/authentication'

Once this is disabled, anonymous users can make requests to the Solr instance.

Granting Anonymous Users Access to Specific Endpoints

Explicit access must be granted to endpoints before anonymous users can use them, because the existing Authorization configuration will likely block them.

For example, setting the following permission configuration using the Authorization API will grant anonymous users access to the “select” endpoint by specifying the special “null” role.

{
  "set-permission": {
    "name": "anonymous_select",
    "path": "/select/*",
    "role": null
  }
}

echo '{"set-permission": {"name": "anonymous_select","path": "/select/*","role": null}}' | http 'https://solr.aaronwalker.dev:8983/solr/admin/authorization'
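
After both changes, it is worth confirming that the null role appears only where intended. The following is an added example, not part of the original post: it audits a security.json document and lists every permission open to anonymous callers. The sample document, the BROAD_NAMES set and the audit_anonymous function are assumptions of the example.

```python
import json

# Constructed sample security.json (not from the original post): blockUnknown is
# off and one permission carries the null role, as in the steps above. The
# "update" entry is a deliberate mistake for the audit to catch.
SAMPLE_SECURITY_JSON = """
{
  "authentication": {"class": "solr.BasicAuthPlugin", "blockUnknown": false},
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "permissions": [
      {"name": "anonymous_select", "path": "/select/*", "role": null},
      {"name": "security-edit", "role": "admin"},
      {"name": "update", "role": null},
      {"name": "all", "role": "admin"}
    ]
  }
}
"""

# Predefined Solr permission names that cover far more than one query path;
# giving any of them the null role is flagged as risky.
BROAD_NAMES = {"all", "read", "update", "security-edit", "security-read",
               "config-edit", "schema-edit", "collection-admin-edit",
               "core-admin-edit"}


def audit_anonymous(security: dict) -> dict:
    """Report which permissions an unauthenticated caller can use."""
    # Conservative choice of this example: an absent blockUnknown key is
    # reported as "anonymous requests are accepted".
    blocked = security.get("authentication", {}).get("blockUnknown", False)
    perms = security.get("authorization", {}).get("permissions", [])
    if blocked:
        return {"anonymous_reachable": False, "open": [], "risky": []}
    # Assumption of this example: a missing "role" key is treated like null.
    open_perms = [p for p in perms if p.get("role") is None]
    risky = [p.get("name") for p in open_perms
             if p.get("name") in BROAD_NAMES or p.get("path") in ("/*", "/")]
    return {
        "anonymous_reachable": True,
        "open": [(p.get("name"), p.get("path")) for p in open_perms],
        "risky": risky,
    }


if __name__ == "__main__":
    print(json.dumps(audit_anonymous(json.loads(SAMPLE_SECURITY_JSON)), indent=2))
```

Run it against the security.json actually deployed to the cluster; any entry under "risky" should be given a named role before the instance is exposed.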