Would a firewall rule be an option here? It seems like that would be the best tool to control access to the broker based on IP address. Or is your use-case more complex than that?
Justin On Sun, Aug 30, 2020 at 2:19 PM Martin Lichtin <lich...@yahoo.com.invalid> wrote: > Hi > > Looking at how to best implement IP-address based access control via a > Plugin. > > I've an implementation based on "addConnection", but this method is called > way too late in the connection setup. > > Ideally there should be a hook available in TcpConnection.connect() method > to reject rogue connections as early as possible. > > Note the current behaviour is quite bad, ActiveMQ accepts connections and > doesn't drop them (client doesn't send any data), thus eventually exceeding > the maximum number of allowed client connections and resulting in DoS. > > - Martin > >
