[rabbitmq-discuss] Preventing DoS in a multi-tenant Rabbit deployment

Michael Klishin mklishin at gopivotal.com
Wed Apr 23 10:57:37 BST 2014


On 23 April 2014 at 11:22:29, Tomasz Janczuk (tjanczuk33 at gmail.com) wrote:
> > What is the best mechanism to prevent authenticated DoS attacks  
> in a multi-tenant Rabbit deployment? Is there one?
>  
> By authenticated DoS attack I mean an attack in which an authenticated  
> tenant causes a level of resource consumption in a Rabbit deployment  
> that prevents other tenants from using the service or severely  
> degrades the performance.

Use HTTP API to monitor connections, close all but 1 (or however many you want)
from a username that has too many of them. I’m pretty sure that’s how
hosted RabbitMQ services (e.g. CloudAMQP) do it. 
--  
MK  

Software Engineer, Pivotal/RabbitMQ


More information about the rabbitmq-discuss mailing list