1
votes

I'm running Mosquitto broker (version 1.4.14) with the mosquitto-auth-plugin (HTTP backend). Clients have to authenticate with username and password and in some cases pass acl-requirements.

It seems that all authenticated users can subscribe to the topic '#' which shows all pubs to all topics.

In the ACL the wildcard # seems to be already replaced with the topic name, so I cannot deny its subscription.

Is it possible to deny a subscription to all topics in the configuration?

If topics start with a $ character then the issue is solved, but the MQTT spec says: 'Applications cannot use a topic with a leading $ character for their own purposes.' (4.7.2 Topics beginning with $)

1
Users will be able to subscribe to #, but they will only see topics that are allowed via the ACL. Please edit the question to include a sample of the ACL so we can see what you are setting. - hardillb
So it is not possible by design. I have changed the ACL so that the topic has to contain the clientid to allow pub/sub. This solved the issue. - user3097526

1 Answer

0
votes

As mentioned in the comments, clients will always be able to subscribe to a topic even if it is blocked by the ACL; they will just not receive any messages on those topics.
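
The behaviour described in the comments and the answer, modelled as an added example (not code from the post, the plugin or Mosquitto): the subscription to `#` is accepted, and the ACL is evaluated against the concrete topic of each message at delivery time. The `devices/%c/#` layout, the client ids, the user name and the published topics are constructed assumptions; `%c` and `%u` stand for client id and user name as in Mosquitto ACL patterns.

```python
def topic_matches(filt: str, topic: str) -> bool:
    """MQTT filter matching: '+' is one level, '#' is all remaining levels."""
    f_levels, t_levels = filt.split("/"), topic.split("/")
    # MQTT 4.7.2: a filter that starts with a wildcard never matches '$' topics.
    if topic.startswith("$") and f_levels[0] in ("#", "+"):
        return False
    for i, f in enumerate(f_levels):
        if f == "#":
            return True  # matches the parent level and everything below it
        if i >= len(t_levels):
            return False
        if f != "+" and f != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)


def acl_allows(patterns, clientid: str, username: str, topic: str) -> bool:
    """Per-message read check against patterns containing %c / %u."""
    # An identity containing wildcards or a separator would widen the
    # pattern after substitution, so it is refused outright.
    if any(ch in clientid + username for ch in "+#/"):
        return False
    for p in patterns:
        concrete = p.replace("%c", clientid).replace("%u", username)
        if topic_matches(concrete, topic):
            return True
    return False


def delivered(subscription, published, patterns, clientid, username):
    """Topics a client actually receives: subscription match AND ACL match."""
    return [t for t in published
            if topic_matches(subscription, t)
            and acl_allows(patterns, clientid, username, t)]


# Constructed sample data (hypothetical topic layout and identities).
PATTERNS = ["devices/%c/#"]
PUBLISHED = ["devices/sensor-a/temp", "devices/sensor-b/temp",
             "devices/sensor-a/status", "admin/config", "$SYS/broker/uptime"]

if __name__ == "__main__":
    # sensor-a subscribes to '#': the SUBSCRIBE succeeds, delivery is filtered.
    print(delivered("#", PUBLISHED, PATTERNS, "sensor-a", "alice"))
```

With the topic required to contain the client id, a `#` subscriber sees only its own subtree, which is the outcome the asker reports after changing the ACL.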