On 07/09/2013 01:55 PM, Muhammad Bashir Al-Noimi wrote:
> On 07/09/2013 07:54 PM, Jeff Janes wrote:
>> On Tue, Jul 9, 2013 at 10:02 AM, Muhammad Bashir Al-Noimi
>> <mbnoimi@xxxxxxxxx> wrote:
>>> So may you please be more specific, what's wrong in my configurations?
>>> My pg_hba.conf content is:
>>>
>>> local all postgres peer
>>> local all all peer
>>> host all all 127.0.0.1/32 md5
>>> host all all ::1/128 md5
>>> host all all 0.0.0.0/0 md5
>>> hostssl all all 0.0.0.0/0 md5
>>> hostnossl all all 0.0.0.0/0 reject
>>
>> The line below accepts all connections, whether ssl or nossl:
>>
>> host all all 0.0.0.0/0 md5
>>
>> It takes precedence over the reject line, as it occurs in the file
>> before the reject.
>> If you remove that line, then you don't need the reject line at all.
>
> I commented it and restarted the server but I still get the same result!

Where are you connecting from? If you are connecting locally using
sockets (local above) or host (lines 3, 4, 5 above) then you are bypassing ssl.

> How can I absolutely be sure that my server rejects non-ssl connections?

Make sure you use only hostssl, not host or local. hostssl forces
ssl-only connections.

pg_hba.conf is powerful but the interactions can be somewhat confusing.
It took me several passes through the docs before I began to understand.
--
Adrian Klaver
adrian.klaver@xxxxxxxxx
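
Added example, not part of the original thread: a small first-match evaluator for the pg_hba.conf quoted above, showing which record decides a connection before and after line 5 is commented out. The function names, the user name `app` and the client address 203.0.113.5 are constructed for illustration, and the database column is assumed to be `all`.

```python
import ipaddress

# Constructed copy of the seven pg_hba.conf lines quoted in the thread.
ORIGINAL = """\
local all postgres peer
local all all peer
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
host all all 0.0.0.0/0 md5
hostssl all all 0.0.0.0/0 md5
hostnossl all all 0.0.0.0/0 reject
"""

def comment_out(text, lineno):
    """Return the file with one line commented out (the poster's change)."""
    lines = text.splitlines()
    lines[lineno - 1] = "#" + lines[lineno - 1]
    return "\n".join(lines)

def parse(text):
    """Return (lineno, type, user, network_or_None, method) per active record."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        f = line.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "local":   # local records have no address column
            rules.append((lineno, "local", f[2], None, f[3]))
        else:
            net = ipaddress.ip_network(f[3], strict=False)
            rules.append((lineno, f[0], f[2], net, f[4]))
    return rules

def first_match(rules, user, client=None, ssl=False):
    """First matching record wins; client=None means a Unix-socket connection."""
    addr = ipaddress.ip_address(client) if client else None
    for lineno, kind, rule_user, net, method in rules:
        if rule_user not in ("all", user):
            continue
        if (kind == "local") != (addr is None):
            continue          # socket records never match TCP, and vice versa
        if addr is not None:
            if addr.version != net.version or addr not in net:
                continue
            if kind != "host" and (kind == "hostssl") != ssl:
                continue      # hostssl needs SSL, hostnossl needs its absence
        return lineno, method
    return None, "reject"     # no record matched: access is denied
```

Run against the edited file, a non-SSL connection from 127.0.0.1 is still decided by line 3 and a socket connection by the `local` records, so testing from the server itself never reaches the `hostnossl ... reject` line.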