diff --git a/deps/rabbitmq_stream/BUILD.bazel b/deps/rabbitmq_stream/BUILD.bazel
index 2018bef39ceb..9e0b528ecfcd 100644
--- a/deps/rabbitmq_stream/BUILD.bazel
+++ b/deps/rabbitmq_stream/BUILD.bazel
@@ -36,7 +36,8 @@ APP_ENV = """[
 	{frame_max, 1048576},
 	{heartbeat, 60},
 	{advertised_host, undefined},
-	{advertised_port, undefined}
+	{advertised_port, undefined},
+	{advertise_localhost_to_localhost_clients, true}
 ]"""
 
 all_beam_files(name = "all_beam_files")
diff --git a/deps/rabbitmq_stream/Makefile b/deps/rabbitmq_stream/Makefile
index e63a7ab94733..74bdeffc6242 100644
--- a/deps/rabbitmq_stream/Makefile
+++ b/deps/rabbitmq_stream/Makefile
@@ -16,7 +16,8 @@ define PROJECT_ENV
 	{frame_max, 1048576},
 	{heartbeat, 60},
 	{advertised_host, undefined},
-	{advertised_port, undefined}
+	{advertised_port, undefined},
+	{advertise_localhost_to_localhost_clients, true}
 ]
 endef
 
diff --git a/deps/rabbitmq_stream/priv/schema/rabbitmq_stream.schema b/deps/rabbitmq_stream/priv/schema/rabbitmq_stream.schema
index 0a4fc277accb..3fd9466b60d9 100644
--- a/deps/rabbitmq_stream/priv/schema/rabbitmq_stream.schema
+++ b/deps/rabbitmq_stream/priv/schema/rabbitmq_stream.schema
@@ -184,6 +184,10 @@ end}.
     {datatype, integer}
 ]}.
 
+{mapping, "stream.advertise_localhost_to_localhost_clients", "rabbitmq_stream.advertise_localhost_to_localhost_clients", [
+    {datatype, {enum, [true, false]}}
+]}.
+
 {mapping, "stream.advertised_host", "rabbitmq_stream.advertised_host", [
     {datatype, string}
 ]}.
diff --git a/deps/rabbitmq_stream/src/rabbit_stream.erl b/deps/rabbitmq_stream/src/rabbit_stream.erl
index 40c612bc8d83..16f90d086f85 100644
--- a/deps/rabbitmq_stream/src/rabbit_stream.erl
+++ b/deps/rabbitmq_stream/src/rabbit_stream.erl
@@ -23,6 +23,7 @@
          tls_host/0,
          port/0,
          tls_port/0,
+         advertise_localhost_to_localhost_clients/0,
          kill_connection/1]).
 -export([stop/1]).
 -export([emit_connection_info_local/3,
@@ -119,6 +120,9 @@ tls_port_from_listener() ->
                     undefined, Listeners),
     Port.
 
+advertise_localhost_to_localhost_clients() ->
+    application:get_env(rabbitmq_stream, advertise_localhost_to_localhost_clients, true).
+
 stop(_State) ->
     ok.
 
diff --git a/deps/rabbitmq_stream/src/rabbit_stream_reader.erl b/deps/rabbitmq_stream/src/rabbit_stream_reader.erl
index bb53e5c70efe..c45f592265a0 100644
--- a/deps/rabbitmq_stream/src/rabbit_stream_reader.erl
+++ b/deps/rabbitmq_stream/src/rabbit_stream_reader.erl
@@ -1542,12 +1542,22 @@ handle_frame_pre_auth(Transport,
                                                      VirtualHost,
                                                      {socket, S},
                                                      #{}),
+            ClientUsesLoopback = rabbit_net:is_loopback(S),
+            ShouldAdvertiseLoopback = rabbit_stream:advertise_localhost_to_localhost_clients(),
             AdvertisedHost =
-                case TransportLayer of
-                    tcp ->
-                        rabbit_stream:host();
-                    ssl ->
-                        rabbit_stream:tls_host()
+                case {ClientUsesLoopback, ShouldAdvertiseLoopback} of
+                    %% if the user originally connects from localhost, advertise localhost as the connection
+                    %% hostname: connecting using a non-local hostname
+                    %% will fail the loopback check. See rabbitmq/rabbitmq-server#9424
+                    {true, true} ->
+                        <<"localhost">>;
+                    {_, _} ->
+                        case TransportLayer of
+                            tcp ->
+                                rabbit_stream:host();
+                            ssl ->
+                                rabbit_stream:tls_host()
+                        end
                 end,
             AdvertisedPort =
                 case TransportLayer of