On 4/2/21 7:06 PM, A. Reichstadt wrote:
Hello,
I try to deny access to all databases on my server if the user "postgres" tries
to connect from a non-local host. Here is what I did in pg_hba.conf:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all md5
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
host all all 0.0.0.0/0 md5
local all postgres trust
host all postgres 0.0.0.0/0 reject
But it continues to allow for Postgres to connect from anywhere through PGAdmin
but also as a direct connection to port 5432. I also relaunched the server. This
is version 12.
What else do I have to do?
Thanks for any help.
See:
https://www.postgresql.org/docs/13/auth-pg-hba-conf.html
In particular:
"Each record specifies a connection type, a client IP
address range (if relevant for the connection type),
a database name, a user name, and the authentication
method to be used for connections matching these
parameters. The first record with a matching
connection type, client address, requested database,
and user name is used to perform authentication."
So your reject line is never being reached.
HTH,
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
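
The first-match rule quoted in the reply above can be checked with a small model. This is an added example, not part of the original thread and not PostgreSQL's own code. The parser is a simplified assumption that handles only "local" and "host" records with CIDR addresses, and the client address and database name are constructed.

```python
import ipaddress

# The records from the post (replication lines omitted), in their original order.
ORIGINAL = """
local all all md5
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
host all all 0.0.0.0/0 md5
local all postgres trust
host all postgres 0.0.0.0/0 reject
"""

# Same records, with the postgres-specific ones moved above the catch-alls.
REORDERED = """
local all postgres trust
local all all md5
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
host all postgres 0.0.0.0/0 reject
host all all 0.0.0.0/0 md5
"""

def parse_hba(text):
    """Parse simplified records: 'local DB USER METHOD' or 'host DB USER CIDR METHOD'."""
    rules = []
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if not f:
            continue
        net = ipaddress.ip_network(f[3]) if f[0] == "host" else None
        rules.append((f[0], f[1], f[2], net, f[-1]))
    return rules

def first_match(rules, conn, db, user, client_ip=None):
    """Return the method of the first record that matches; later records are ignored."""
    ip = ipaddress.ip_address(client_ip) if client_ip else None
    for r_conn, r_db, r_user, r_net, method in rules:
        if r_conn != conn or r_db not in ("all", db) or r_user not in ("all", user):
            continue
        if r_net is not None and (ip.version != r_net.version or ip not in r_net):
            continue
        return method
    return "reject"  # no record matched: the server refuses the connection

if __name__ == "__main__":
    remote = ("host", "appdb", "postgres", "203.0.113.7")  # constructed client
    print("original :", first_match(parse_hba(ORIGINAL), *remote))
    print("reordered:", first_match(parse_hba(REORDERED), *remote))
```

In the original order, a remote "postgres" login stops at "host all all 0.0.0.0/0 md5", and a local one stops at "local all all md5", so neither postgres-specific record is ever evaluated.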