You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@activemq.apache.org by Martin Lichtin <li...@yahoo.com.INVALID> on 2020/09/02 15:55:53 UTC

Re: Re: ActiveMQ - low-level access control and rejecting connections

Yes. 5.15.13. It may be an issue with the SSL connector only.

https://issues.apache.org/jira/browse/AMQ-8030
https://issues.apache.org/jira/browse/AMQ-8031

- Martin

On 31.08.2020 06:08, Jean-Baptiste Onofre wrote:
> Hi,
>
> I guess you are talking about TCP/OpenWire transport connector.
>
> Which ActiveMQ version are you talking ?
>
> I remember to have fixed closing of connection in 5.15.13 AFAIR.
>
> Can you please create two Jira (one for the connect hook, one for connection leaking) ? I will take a look.
>
> Regards
> JB
>
>> Le 30 août 2020 à 21:19, Martin Lichtin <li...@yahoo.com.INVALID> a écrit :
>>
>> Hi
>>
>> Looking at how to best implement IP-address based access control via a Plugin.
>>
>> I've an implementation based on "addConnection", but this method is called way too late in the connection setup.
>>
>> Ideally there should be a hook available in TcpConnection.connect() method to reject rogue connections as early as possible.
>>
>> Note the current behaviour is quite bad, ActiveMQ accepts connections and doesn't drop them (client doesn't send any data), thus eventually exceeding the maximum number of allowed client connections and resulting in DoS.
>>
>> - Martin