This is what I've got currently, but it's still allowing non-SSL connections from remote (non-local/private) hosts. Any thoughts?
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host all all 10.0.0.0/8 md5
host all all 172.16.0.0/12 md5
hostssl all all all md5 clientcert=verify-ca
Also, when I require SSL on the client, it allows SSL connections without a CA-signed cert, which I thought clientcert=verify-ca in this pg_hba should require.