RabbitMQ supports many protocols and plugins; secure defaults and strict access policy are essential.
¶ Auth, TLS, and Access Policy
- Use TLS for all client and cluster links.
- Do not allow the default guest/guest account to connect from anywhere but localhost.
- Apply virtual host and permission scoping per application.
¶ Management and Plugin Hardening
- Restrict management UI/API to admin networks.
- Enable only required plugins.
- Rotate credentials and certificates on schedule.
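A small audit script for the TLS, guest-account and management-listener items above, added here as an example and not part of the original page. It parses RabbitMQ's key = value rabbitmq.conf format; both sample configs are constructed, and the 10.0.0.5 address and /etc/rabbitmq paths are placeholders.

```python
# Added example (not from the original page): audit a rabbitmq.conf against the checklist.

# Constructed "weak" config: plaintext AMQP, remote guest login, management UI on all interfaces.
WEAK_CONF = """
listeners.tcp.default = 5672
loopback_users.guest = false      # lets guest/guest log in from any host
management.tcp.port = 15672
"""

# Constructed hardened config: TLS-only listener, mutual TLS, guest loopback-only, admin-bound UI.
HARDENED_CONF = """
listeners.tcp = none
listeners.ssl.default = 5671
ssl_options.cacertfile = /etc/rabbitmq/ca.pem
ssl_options.certfile   = /etc/rabbitmq/server.pem
ssl_options.keyfile    = /etc/rabbitmq/server.key
ssl_options.verify     = verify_peer
ssl_options.fail_if_no_peer_cert = true
loopback_users.guest = true
management.tcp.ip = 10.0.0.5     # placeholder admin-network address
"""

def parse_conf(text):
    """Parse key = value lines; '#' starts a comment, blank lines are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            conf[key] = value
    return conf

def audit(conf):
    """Return findings (empty = pass); absent keys are judged by the broker defaults."""
    findings = []
    if conf.get("listeners.tcp") != "none" or any(k.startswith("listeners.tcp.") for k in conf):
        findings.append("plaintext AMQP listener enabled; set listeners.tcp = none")
    if not any(k.startswith("listeners.ssl.") for k in conf):
        findings.append("no TLS listener; set listeners.ssl.default = 5671")
    for key in ("ssl_options.cacertfile", "ssl_options.certfile", "ssl_options.keyfile"):
        if key not in conf:
            findings.append(f"missing {key}")
    if conf.get("ssl_options.verify") != "verify_peer":
        findings.append("peer certificates not verified; set ssl_options.verify = verify_peer")
    if conf.get("loopback_users.guest", "true").lower() == "false":
        findings.append("guest account reachable remotely; set loopback_users.guest = true")
    if conf.get("management.tcp.ip", "0.0.0.0") in ("0.0.0.0", "::"):
        findings.append("management listener bound to all interfaces; set management.tcp.ip")
    return findings
```

Running `audit(parse_conf(WEAK_CONF))` lists eight findings, while the hardened config returns none.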
¶ Capacity and Abuse Controls
- Set queue/message limits to protect broker stability.
- Monitor connection churn, authentication failures, and spikes in unacknowledged messages.
- Review dead-letter queue growth patterns regularly.