Re: How to deny access to Postgres when connected from host/non-local
From | Joe Conway |
---|---|
Subject | Re: How to deny access to Postgres when connected from host/non-local |
Date | |
Msg-id | b9947839-0178-1bb0-29c6-cd316ab6ea8d@joeconway.com |
In reply to | How to deny access to Postgres when connected from host/non-local ("A. Reichstadt" <lxr@me.com>) |
Replies | Re: How to deny access to Postgres when connected from host/non-local |
List | pgsql-general |
On 4/2/21 7:06 PM, A. Reichstadt wrote:
> Hello,
>
> I try to deny access to all databases on my server if the user "postgres" tries
> to connect from a non-local host. Here is what I did in pg_hba.conf:
>
>
> # TYPE  DATABASE        USER            ADDRESS                 METHOD
>
> # "local" is for Unix domain socket connections only
> local   all             all                                     md5
> # IPv4 local connections:
> host    all             all             127.0.0.1/32            md5
> # IPv6 local connections:
> host    all             all             ::1/128                 md5
> # Allow replication connections from localhost, by a user with the
> # replication privilege.
> local   replication     all                                     md5
> host    replication     all             127.0.0.1/32            md5
> host    replication     all             ::1/128                 md5
> host    all             all             0.0.0.0/0               md5
> local   all             postgres                                trust
> host    all             postgres        0.0.0.0/0               reject
>
>
> But it continues to allow for Postgres to connect from anywhere through PGAdmin
> but also as a direct connection to port 5432. I also relaunched the server. This
> is version 12.
>
> What else do I have to do?
>
> Thanks for any help.

See:

https://www.postgresql.org/docs/13/auth-pg-hba-conf.html

In particular:

"Each record specifies a connection type, a client IP address range (if relevant for the connection type), a database name, a user name, and the authentication method to be used for connections matching these parameters. The first record with a matching connection type, client address, requested database, and user name is used to perform authentication."

So your reject line is never being reached.

HTH,

Joe

-- 
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development