Rabbitmq-auth-backend-ip-range link is community plugin for client authorization based on source IP address. With this community plugin, we can restrict access to client on the basis of IP address
Steps To configure plugin in rabbitmq version 3.6.X
- wget https://dl.bintray.com/rabbitmq/community-plugins/3.6.x/rabbitmq_auth_backend_ip_range/rabbitmq_auth_backend_ip_range-20180116-3.6.x.zip
- unzip content to /usr/lib/rabbitmq/lib/rabbitmq_server-3.x/plugins
- Enable plugin:
rabbitmq-plugins enable rabbitmq_auth_backend_ip_range - Set a custom tag to which this plugin will block for certain IP address
- rabbitmqctl set_user_tags custom_user custom_tag
- Configure rabbitmqctl configuration file
- vi /etc/rabbitmq/rabbitmq.config
[ {rabbit, [ {tcp_listeners, [5672]}, {auth_backends, [ {rabbit_auth_backend_internal, [rabbit_auth_backend_internal, rabbit_auth_backend_ip_range] } ] } ]}, {rabbitmq_auth_backend_ip_range, [ {tag_masks, [{'customtag', [<<"::FFFF:172.xx.xx.xxx">>]}]}, {default_masks, [<<"::0/0">>]} ]} ].
- this configuration will effect in such a way that the user with tag
customtagwill able to connect to rabbitmq server with IP address 172.xx.xx.xxx and all other tags can access from any IP address - sudo service rabbitmq-server restart