Jan Ogrodowczyk <Jan.Ogrodowczyk@qlik.com> writes:
> Hi, I wanted to report a bug that I found while using postgres 9.6.1.
> Summary: The database accepts connections from addresses that were previ=
ously allowed but later on have been excluded in the postgresql.conf & pg=
_hba.conf files.
It seems highly likely to me that this report is pilot error.
The simplest explanation is that you edited the wrong config files.
You could try "show config_file" and "show hba_file" while connected
to the running server to see where it's getting its configuration from.
Also, when changing listen_addresses, you could use "show
listen_addresses" to verify that your changes took effect. (Unfortunately
there's not currently any direct way to see the active pg_hba entries,
though we're working on that.)
A different line of thought is that maybe the connections are not coming
from where you think they are; for example ipv4 vs ipv6 addresses. You
could check into that by activating log_connections and seeing what gets
logged about the unwanted connections.
Also, don't forget that pg_hba lines are order-sensitive --- you need to
put "reject" entries before anything else that could possibly match the
incoming connection.
regards, tom lane