HTTP 401: Authorization Required

An HTTP 401 response indicates that authentication credentials were missing from the request. There are two main reasons this might happen:

  1. Advanced Auth is enabled and the request did not supply the proper headers.
  2. The request is being made to a protected endpoint

Troubleshooting the Advanced Auth feature

Websolr provides a tool for limiting read and write access to an index, based on an HMAC scheme. This validates that the request is being made from an authorized entity. When Advanced Auth is enabled, requests must supply three headers with the correct values in order to be processed. Without these headers, the index will simply respond with an HTTP 401 error.

Please read the documentation on Advanced Auth for more details and examples.

Accessing a restricted endpoint

Solr provides several APIs which can be used to administer the server. Websolr blocks access to these APIs for security, performance and auditing reasons in our shared environments. Attempting to hit one of these APIs will return an HTTP 401 error.

There are two exceptions to this policy:

  • /admin/ping which is used frequently by some Solr clients to check index health. We consider this path deprecated and recommend using /ping instead.
  • /admin/luke can be used to fetch information about fields present in the index, and has been throttled with numTerms=0 to prevent a performance problem.

If your application or its Solr client depends on a restricted admin action, let us know and we can work with you to determine an alternative or audit the specific action for access.