Home > mailing lists

Re: Force ssl connection - Mailing list pgsql-general

From	Jeff Janes
Subject	Re: Force ssl connection
Date	July 9, 2013 20:55:09
Msg-id	CAMkU=1ytM8pQ0m4-xJfBtgweTYeLCneMNn5HaNjg71rP+p=2Xw@mail.gmail.com Whole thread Raw
In response to	Re: Force ssl connection (Muhammad Bashir Al-Noimi <mbnoimi@gmail.com>)
Responses	Re: Force ssl connection
List	pgsql-general

Tree view

On Tue, Jul 9, 2013 at 10:02 AM, Muhammad Bashir Al-Noimi
<mbnoimi@gmail.com> wrote:
>
> So may you please be more specific, what's wrong in my configurations?
>
> My pg_hba.conf content is:
>
> local   all             postgres                                peer
> local   all             all                                     peer
> host    all             all             127.0.0.1/32            md5
> host    all             all             ::1/128                 md5
> host    all     all     0.0.0.0/0       md5
> hostssl all     all     0.0.0.0/0       md5
> hostnossl        all     all     0.0.0.0/0       reject

The line below accepts all connections, whether ssl or nossl:

host    all     all     0.0.0.0/0       md5

It takes precedence over the reject line, as it occurs in the file
before the reject.

If you remove that line, then you don't need the reject line at all.

AFAICT, having a reject as the last line in the file is useless.
Anything that has reached that point is going to be rejected anyway.

Cheers,

Jeff

pgsql-general by date:

From: Mike Christensen
Date: 09 July 2013, 20:31:11
Subject: Re: function with unknown params

From: Jerry Sievers
Date: 09 July 2013, 21:06:30
Subject: Dump/Reload pg_statistic to cut time from pg_upgrade?

Re: Force ssl connection - Mailing list pgsql-general

Previous

Next