On 07/09/2013 01:55 PM, Muhammad Bashir Al-Noimi wrote:
> On 07/09/2013 07:54 PM, Jeff Janes wrote:
>> On Tue, Jul 9, 2013 at 10:02 AM, Muhammad Bashir Al-Noimi
>> <mbnoimi@gmail.com> wrote:
>>> So may you please be more specific, what's wrong in my configurations?
>>>
>>> My pg_hba.conf content is:
>>>
>>> local all postgres peer
>>> local all all peer
>>> host all all 127.0.0.1/32 md5
>>> host all all ::1/128 md5
>>> host all all 0.0.0.0/0 md5
>>> hostssl all all 0.0.0.0/0 md5
>>> hostnossl all all 0.0.0.0/0 reject
>> The line below accepts all connections, whether ssl or nossl:
>>
>> host all all 0.0.0.0/0 md5
>>
>> It takes precedence over the reject line, as it occurs in the file
>> before the reject.
>>
>> If you remove that line, then you don't need the reject line at all.
> I commented it and restarted the server but I still get the same result!
Where are you connecting from? If you are connecting locally using
sockets (local above) or host (lines 3, 4, 5 above) then you are bypassing ssl.
>
> How can I be absolutely sure that my server rejects non-ssl connections?
>
Make sure you use only hostssl, not host or local. hostssl forces
ssl-only connections.
pg_hba.conf is powerful but the interactions can be somewhat confusing.
It took me several passes through the docs before I began to understand.
--
Adrian Klaver
adrian.klaver@gmail.com
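
The first-match behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified model of pg_hba.conf evaluation (connection type, user and address only; the database field is not evaluated) run over the file quoted above. The client address 203.0.113.7 and the user name "app" are constructed sample values.

```python
import ipaddress

# The pg_hba.conf quoted in the thread, in file order.
THREAD_HBA = """\
local all postgres peer
local all all peer
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
host all all 0.0.0.0/0 md5
hostssl all all 0.0.0.0/0 md5
hostnossl all all 0.0.0.0/0 reject
"""
# Same file with the catch-all "host" line commented out, as suggested in the thread.
FIXED_HBA = THREAD_HBA.replace("\nhost all all 0.0.0.0/0", "\n#host all all 0.0.0.0/0")

def parse(text):
    """Return (type, user, network-or-None, method) for each rule line."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if not fields:
            continue
        if fields[0] == "local":                 # local has no address field
            rules.append((fields[0], fields[2], None, fields[3]))
        else:
            rules.append((fields[0], fields[2], ipaddress.ip_network(fields[3]), fields[4]))
    return rules

def first_match(rules, user, addr=None, ssl=False):
    """First rule matching type, user and address decides; later rules are ignored.
    addr=None models a Unix-socket connection, which never uses SSL."""
    for kind, rule_user, net, method in rules:
        if rule_user not in ("all", user):
            continue
        if addr is None:
            if kind == "local":
                return kind, method
            continue
        if kind == "local" or (kind == "hostssl" and not ssl) or (kind == "hostnossl" and ssl):
            continue
        if ipaddress.ip_address(addr) in net:
            return kind, method
    return None  # no matching entry: the connection is refused

if __name__ == "__main__":
    for name, text in (("original", THREAD_HBA), ("fixed", FIXED_HBA)):
        for addr in (None, "127.0.0.1", "203.0.113.7"):
            print(name, addr, "non-SSL ->", first_match(parse(text), "app", addr, ssl=False))
```

With the catch-all line commented out, a non-SSL connection from 127.0.0.1 or over the Unix socket is still accepted by the earlier `host` and `local` lines, which matches the "same result" reported when testing from the server itself.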