| From: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com> |
|---|---|
| To: | Muhammad Bashir Al-Noimi <mbnoimi(at)gmail(dot)com> |
| Cc: | Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Force ssl connection |
| Date: | 2013-07-09 17:54:56 |
| Message-ID: | CAMkU=1ytM8pQ0m4-xJfBtgweTYeLCneMNn5HaNjg71rP+p=2Xw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Tue, Jul 9, 2013 at 10:02 AM, Muhammad Bashir Al-Noimi
<mbnoimi(at)gmail(dot)com> wrote:
>
> So may you please be more specific, what's wrong in my configurations?
>
> My pg_hba.conf content is:
>
> local all postgres peer
> local all all peer
> host all all 127.0.0.1/32 md5
> host all all ::1/128 md5
> host all all 0.0.0.0/0 md5
> hostssl all all 0.0.0.0/0 md5
> hostnossl all all 0.0.0.0/0 reject
The line below accepts all connections, whether ssl or nossl:
host all all 0.0.0.0/0 md5
It takes precedence over the reject line, as it occurs in the file
before the reject.
If you remove that line, then you don't need the reject line at all.
AFAICT, having a reject as the last line in the file is useless.
Anything that has reached that point is going to be rejected anyway.
Cheers,
Jeff
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Merlin Moncure | 2013-07-09 20:20:24 | Re: pg 9.2.4 dblink |
| Previous Message | Mike Christensen | 2013-07-09 17:31:04 | Re: function with unknown params |