Home > mailing lists

Re: proper pg_hba config to require ssl from non-local/private ips - Mailing list pgsql-admin

From	Frank Gard
Subject	Re: proper pg_hba config to require ssl from non-local/private ips
Date	October 19, 2022 19:26:56
Msg-id	fb8768ca-6d01-b7f6-57fb-d04ad089dd80@familie-gard.de Whole thread Raw
In response to	Re: proper pg_hba config to require ssl from non-local/private ips (Jeff Janes <jeff.janes@gmail.com>)
Responses	Re: proper pg_hba config to require ssl from non-local/private ips (Jeff Janes <jeff.janes@gmail.com>)
List	pgsql-admin

Tree view

Hi Jeff,

Am 19.10.22 um 17:47 schrieb Jeff Janes:

On Wed, Oct 19, 2022 at 8:50 AM Matthew Lenz <mlenz@nocturnal.org> wrote:
This is what I've got currently but it's still allowing non-ssl connections from remote (non-local/private) hosts. Any thoughts?

Did you reload the server configurations after changing the file? What is the address of that non-local host, as seen by the server? (you can check the first with `select * from pg_hba_file_rules`,

unfortunately that's not true, at least up to Pg v14 (I don't know if they've changed this IMHO "unexpected" behaviour in the meantime). The pg_hba_file_rules seems to be just an SQL frontend to the hba-file's content and does not(!) reflect the currently active configuration. So you can see your changes before the are activated, e.g. by calling pg_reload_conf().

[…]

Cheers,
Frank.

pgsql-admin by date:

From: Matthew Lenz
Date: 19 October 2022, 19:26:20
Subject: Re: proper pg_hba config to require ssl from non-local/private ips

From: Matthew Lenz
Date: 19 October 2022, 19:29:26
Subject: Re: proper pg_hba config to require ssl from non-local/private ips

Re: proper pg_hba config to require ssl from non-local/private ips - Mailing list pgsql-admin

Previous

Next