: I am currently working on SolrCloud and its related security
: configurations for securing Solr web applications using HTTP Basic
: Authentication mechanism. Among the Solr nodes inside the SolrCloud
: clustered env, there seem to be existing some inter-solr-node
: communication issues due to the security configurations, which are the
: HTTP Authentication errors. Based on my research, the patch SOLR-4470

In my opinion, your best bet to "secure" Solr is to avoid any and all involvement of Basic Auth and instead use SSL with Client certificates...

https://cwiki.apache.org/confluence/display/solr/Enabling+SSL

1) Already supported in Solr today - no patches needed

2) eliminates the complexity of needing a proxy in front of solr to handle the client auth, so that the solr nodes can talk to each other w/o auth -- and/or: having solr nodes "forward" the client auth around. Instead each solr node authenticates the client using the client's cert, and each node authenticates itself for the inter-node requests using its own cert.

3) much more secure than Basic-Auth headers which could be sniffed by a man-in-the-middle (you could use SSL + Basic Auth - but if you are going to enable SSL anyway, why bother with Basic Auth? just configure the client certs)

-Hoss
http://www.lucidworks.com/
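
Added example, not part of the original message or the Solr project's own code: a shell check that a node's startup configuration enforces the client-certificate setup described in the reply above. It assumes the `SOLR_SSL_*` variables read by the `bin/solr` scripts in Solr 5 and later; the function names, file names and sample values are constructed for illustration.

```shell
# Audit a solr.in.sh-style file for mutual TLS (added example).
# Assumption: SOLR_SSL_* variable names as used by bin/solr in Solr 5+.

# Print the last assigned value of variable $2 in file $1, quotes stripped.
# Commented-out assignments are ignored because '#' is not whitespace.
cfg_get() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Return 0 only if the node has a certificate of its own to present
# (keystore), a set of certificates it trusts (truststore), and rejects
# any client that does not present a certificate.
check_solr_mtls() {
  f=$1; rc=0
  for v in SOLR_SSL_KEY_STORE SOLR_SSL_TRUST_STORE; do
    if [ -z "$(cfg_get "$f" "$v")" ]; then
      echo "FAIL: $v is not set"; rc=1
    fi
  done
  if [ "$(cfg_get "$f" SOLR_SSL_NEED_CLIENT_AUTH)" != "true" ]; then
    # WANT_CLIENT_AUTH alone only requests a certificate; it is optional.
    echo "FAIL: SOLR_SSL_NEED_CLIENT_AUTH is not true; clients without a certificate are accepted"
    rc=1
  fi
  if [ "$rc" -eq 0 ]; then echo "OK: client certificates are required"; fi
  return "$rc"
}

# Constructed sample files (not taken from the thread).
demo_dir=$(mktemp -d)
cat > "$demo_dir/weak.in.sh" <<'EOF'
SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks
SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks
SOLR_SSL_NEED_CLIENT_AUTH=false
SOLR_SSL_WANT_CLIENT_AUTH=true
EOF
cat > "$demo_dir/mtls.in.sh" <<'EOF'
SOLR_SSL_KEY_STORE=etc/solr-ssl.keystore.jks
SOLR_SSL_TRUST_STORE=etc/solr-ssl.keystore.jks
SOLR_SSL_NEED_CLIENT_AUTH=true
SOLR_SSL_WANT_CLIENT_AUTH=false
EOF

check_solr_mtls "$demo_dir/weak.in.sh" || true   # reports the FAIL line
check_solr_mtls "$demo_dir/mtls.in.sh"           # reports OK
```

The check reads configuration only; it does not confirm that the keystore and truststore contents are the certificates intended for the cluster.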