Similarly to per-virtual host resource limits, it is possible to limit how many connections and channels a specific user can open.
These limits can be used as guard rails in environments where applications cannot be trusted and monitored in detail, for example, when RabbitMQ clusters are offered as a service.
The limits can be configured using rabbitmqctl set_user_limits or the HTTP API.
To limit how many connection a user can open, set the max-connections limit to a positive integer:
rabbitmqctl set_user_limits user1 '{"max-connections": 10}'
To set the limit over the HTTP API, use the following endpoint:
PUT /api/user-limits/{username}/{limit}
and a request body like this:
{"value": 20}
Here is an example that uses curl:
# using the HTTP API curl -v -u guest:guest -X PUT http://localhost:15672/api/user-limits/user1/max-connections \ -H "content-type: application/json" \ -d @- <<EOF { "value": 20 } EOF
To limit how many channels, in total, a user can open, set the max-channels limit to a positive integer:
# using CLI tools rabbitmqctl set_user_limits guest '{"max-connections": 10, "max-channels": 20}'
To set the limit over the HTTP API, use the following endpoint:
PUT /api/user-limits/{username}/{limit}
and a request body like this:
{"value": 20}
Here is an example that uses curl to set a limit for user user1:
# using the HTTP API curl -v -u guest:guest -X PUT http://localhost:15672/api/user-limits/user1/max-channels \ -H "content-type: application/json" \ -d @- <<EOF { "value": 20 } EOF
The limit is applied to the total number of channels across all connections opened by the user. Therefore, it must be equal or greater than that the aforementioned maximum connection limit.
To clear all limits for a user, use rabbitmqctl clear_user_limits or the HTTP API.
Here are some examples that clear all limits for user user1:
# clears the maximum number of connections limit rabbitmqctl clear_user_limits user1 'max-connections' # clears the maximum number of channels limit rabbitmqctl clear_user_limits user1 'max-channels' # clears all limits in a single operation rabbitmqctl clear_user_limits user1 all
To clear the limit over the HTTP API, use the following endpoint:
DELETE /api/user-limits/{username}/{limit}
without a request body.
Here is an example that uses curl to clear all limits of user user1:
# using the HTTP API curl -v -u guest:guest -X DELETE http://localhost:15672/api/user-limits/user1/max-channels curl -v -u guest:guest -X DELETE http://localhost:15672/api/user-limits/user1/max-connections
If you have questions about the contents of this guide or any other topic related to RabbitMQ, don't hesitate to ask them using GitHub Discussions or our community Discord server.
If you'd like to contribute an improvement to the site, its source is available on GitHub. Simply fork the repository and submit a pull request. Thank you!