From f159e081fa2323337ddb0bff3d1961e85552cd11 Mon Sep 17 00:00:00 2001
From: Shawn <506895667@qq.com>
Date: Thu, 9 Jun 2022 10:46:09 +0800
Subject: [PATCH] fix: deny all subscribes to '#' topics in the default
 acl.conf

---
 apps/emqx_authz/etc/acl.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/apps/emqx_authz/etc/acl.conf b/apps/emqx_authz/etc/acl.conf
index a1cfd41d3..d39490d46 100644
--- a/apps/emqx_authz/etc/acl.conf
+++ b/apps/emqx_authz/etc/acl.conf
@@ -26,3 +26,7 @@
 {allow, {username, "^dashboard?"}, subscribe, ["$SYS/#"]}.
 
 {allow, {ipaddr, "127.0.0.1"}, all, ["$SYS/#", "#"]}.
+
+{deny, all, subscribe, ["$SYS/#", {eq, "#"}]}.
+
+{allow, all}.