
rabbitmq-management plugin HTTP API - Security concerns

I want to enable the RabbitMQ Management plugin on my production environment, but I'm not sure about the security concerns this might bring. I already have a few applications connected to the RMQ, and hence can't change the credentials now (I'm using the defaults).

Could anyone shed some light on this? I want to know what I might need to worry about and what I could do to minimise vulnerabilities.

Thanks!

The management plugin uses credentials, which is enough for most cases unless you want it to be accessible from outside. In that case iptables is your friend. In addition, you can proxy the HTTP API and management interface via nginx (or Apache) and use an additional security layer like basic auth.

If you are a bit paranoid (like me) you can combine all 3 methods for more protection (and still have non-trivial access to your management interface from unusual locations like a free wifi zone in an airport when flow control gets applied on your server, but this is quite an unusual situation).

UPD:

Note: if your application is badly designed and mixes routine jobs with management jobs under the same account, you may get into some trouble. I suggest the management plugin's Permissions section for further reading.

Usually, separate accounts for the application and for management jobs, as well as disabling the default guest account (for outside access only, or in general), is the best choice from a security point of view.

If you are forced to use the default guest account, you can disable the management plugin for it and create a separate account for administration only. In fact, in recent RabbitMQ versions it is disabled for access from outside.

To do this, first create an administration user (an account with the administrator tag), make sure it works, and then update the guest user by removing all the tags it has (actually, administrator is the only tag set by default for the guest account).

Here is a pic of the default guest account with a note on what to remove.

[Image: the default guest account, with the tag to remove marked]
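The procedure in the answer above (create the administrator account first, verify it, only then strip guest's tags), as an added shell example that is not part of the original answer. It assumes rabbitmqctl is on PATH (set RABBITMQCTL=echo to dry-run), uses the placeholder account name ops-admin, reads the password from ADMIN_PASS in the environment, and assumes the applications use the default vhost "/".

```shell
#!/bin/sh
# Added example, not from the original answer: lock the default "guest"
# account out of the management UI/HTTP API by creating an administrator
# account first, verifying it, and only then removing guest's tags.
# Assumptions: rabbitmqctl is on PATH (override with RABBITMQCTL=echo to
# dry-run), ADMIN_USER is a placeholder name, ADMIN_PASS comes from the
# environment, and the applications use the default vhost "/".
set -eu

RABBITMQCTL="${RABBITMQCTL:-rabbitmqctl}"
ADMIN_USER="${ADMIN_USER:-ops-admin}"   # placeholder, choose your own
VHOST="${VHOST:-/}"

# Step 1: create the administration-only account and tag it.
create_admin() {
    : "${ADMIN_PASS:?set ADMIN_PASS in the environment, do not hard-code it}"
    "$RABBITMQCTL" add_user "$ADMIN_USER" "$ADMIN_PASS"
    "$RABBITMQCTL" set_user_tags "$ADMIN_USER" administrator
    # Full configure/write/read on the vhost lets the admin inspect and
    # delete resources from the UI; narrow the three regexes if you can.
    "$RABBITMQCTL" set_permissions -p "$VHOST" "$ADMIN_USER" ".*" ".*" ".*"
}

# Step 2: confirm the administrator tag is really present on the new
# account (list_users prints "name<TAB>[tags]") before touching guest.
admin_is_tagged() {
    "$RABBITMQCTL" list_users |
        awk -v u="$ADMIN_USER" '$1 == u && /administrator/ { ok = 1 } END { exit !ok }'
}

# Step 3: strip every tag from guest. Its AMQP permissions are untouched,
# so the applications still using it keep working, but without a tag it
# can no longer log in to the management plugin.
strip_guest_tags() {
    "$RABBITMQCTL" set_user_tags guest
}

if [ "${1:-}" = "--apply" ]; then
    create_admin
    admin_is_tagged || { echo "admin tag not found; leaving guest untouched" >&2; exit 1; }
    strip_guest_tags
    "$RABBITMQCTL" list_users      # show the final tag assignment
fi
```

Nothing runs until you pass --apply, so a plain invocation only defines the functions. The script does not touch the loopback_users setting that newer versions use to confine guest to localhost.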
