Re: Force ssl connection
From | Adrian Klaver |
---|---|
Subject | Re: Force ssl connection |
Date | |
Msg-id | 51DC7D93.3040602@gmail.com |
In response to | Re: Force ssl connection (Muhammad Bashir Al-Noimi <mbnoimi@gmail.com>) |
Responses | Re: Force ssl connection |
List | pgsql-general |
On 07/09/2013 01:55 PM, Muhammad Bashir Al-Noimi wrote:
> On 07/09/2013 07:54 PM, Jeff Janes wrote:
>> On Tue, Jul 9, 2013 at 10:02 AM, Muhammad Bashir Al-Noimi
>> <mbnoimi@gmail.com> wrote:
>>> So may you please be more specific, what's wrong in my configurations?
>>>
>>> My pg_hba.conf content is:
>>>
>>> local all postgres peer
>>> local all all peer
>>> host all all 127.0.0.1/32 md5
>>> host all all ::1/128 md5
>>> host all all 0.0.0.0/0 md5
>>> hostssl all all 0.0.0.0/0 md5
>>> hostnossl all all 0.0.0.0/0 reject
>> The line below accepts all connections, whether ssl or nossl:
>>
>> host all all 0.0.0.0/0 md5
>>
>> It takes precedence over the reject line, as it occurs in the file
>> before the reject.
>>
>> If you remove that line, then you don't need the reject line at all.
> I commented it and restarted the server but I still get same result!

Where are you connecting from? If you are connecting locally using
sockets (local above) or host (line 3,4,5 above) then you are bypassing ssl.

>
> How can I absolutely be sure that my server rejects not ssl connections?
>

Make sure you use only hostssl not host or local. hostssl forces ssl only
connections.

pg_hba.conf is powerful but the interactions can be somewhat confusing.
It took me several passes through the docs before I began to understand.

--
Adrian Klaver
adrian.klaver@gmail.com
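
The first-match behaviour discussed in this thread, as an added example that is not part of the original message or of PostgreSQL: a small Python check that reports which rule in the quoted pg_hba.conf decides a non-SSL TCP connection. The function names are illustrative, and the parser assumes CIDR addresses and database/user fields that are either `all` or a literal name.

```python
import ipaddress

# Constructed sample: the pg_hba.conf quoted in the thread.
THREAD_HBA = """\
local all postgres peer
local all all peer
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
host all all 0.0.0.0/0 md5
hostssl all all 0.0.0.0/0 md5
hostnossl all all 0.0.0.0/0 reject
"""

def parse_hba(text):
    """Return (line_no, type, database, user, network, method) for TCP rules."""
    rules = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 5 or fields[0] not in ("host", "hostssl", "hostnossl"):
            continue  # local (Unix socket) lines are not TCP and are skipped
        conn_type, database, user, address, method = fields[:5]
        network = ipaddress.ip_network(address, strict=False)
        rules.append((line_no, conn_type, database, user, network, method))
    return rules

def first_match(rules, client_ip, ssl, database="postgres", user="postgres"):
    """Return (line_no, method) of the first rule that matches, or None."""
    ip = ipaddress.ip_address(client_ip)
    for line_no, conn_type, db, usr, network, method in rules:
        if conn_type == "hostssl" and not ssl:
            continue  # hostssl matches only SSL connections
        if conn_type == "hostnossl" and ssl:
            continue  # hostnossl matches only non-SSL connections
        if ip.version != network.version or ip not in network:
            continue
        if db not in ("all", database) or usr not in ("all", user):
            continue
        return line_no, method
    return None  # no rule matched: the server rejects the connection

def plaintext_allowed(text, client_ip):
    """True if a non-SSL TCP connection from client_ip reaches a non-reject rule."""
    hit = first_match(parse_hba(text), client_ip, ssl=False)
    return hit is not None and hit[1] != "reject"
```

Running `plaintext_allowed` against both a remote address and 127.0.0.1 shows why the client's origin matters: with line 5 commented out, the loopback `host` lines still admit non-SSL connections.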