HTTP ACL

Plugin:

TIP

The emqx_auth_http plugin also includes authentication function, which can be disabled via comments.

EMQX Broker uses the current client related information as parameters in publish/subscribe events, initiates request permissions to user-defined authentication services, and processes ACL authentication requests through the returned HTTP statusCode .

• Authorization denied: The API returns status codes other than 200
• Authorization succeeded: API returns 200 status code
• Authorization ignored: API returns 200 status code with the message body of ignore

Basic request information, configure certificates, request headers, and retry rules of HTTP API.

When performing publish/subscribe authentication, EMQX Broker will use the current client information and initiate a user-configured ACL authorization query request to query the client’s authorization data on the HTTP server.

When the HTTP request method is GET, the request parameters will be passed in the form of a URL query string; POST and PUT requests will submit the request parameters in the form of a common form (content-type is x-www-form-urlencoded).

You can use the following placeholders in the authentication request, and EMQX Broker will be automatically populated with client information when requested:

• %u:User name
• %a:Client IP address
• %r:Client Access Protocol
• %P:Clear text password
• %p:Client Port
• %d:TLS certificate subject, valid only for TLS connections

WARING