| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Jan Ogrodowczyk <Jan(dot)Ogrodowczyk(at)qlik(dot)com> |
| Cc: | "pgsql-bugs(at)postgresql(dot)org" <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: Postgres 9.6.1 accepts connections from not allowed Ip addresses |
| Date: | 2016-11-17 14:35:41 |
| Message-ID: | 9280.1479393341@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Jan Ogrodowczyk <Jan(dot)Ogrodowczyk(at)qlik(dot)com> writes:
> Hi, I wanted to report a bug that I found while using postgres 9.6.1.
> Summary: The database accepts connections from addresses that were previously allowed but later on have been excluded in the postgresql.conf & pg_hba.conf files.
It seems highly likely to me that this report is pilot error.
The simplest explanation is that you edited the wrong config files.
You could try "show config_file" and "show hba_file" while connected
to the running server to see where it's getting its configuration from.
Also, when changing listen_addresses, you could use "show
listen_addresses" to verify that your changes took effect. (Unfortunately
there's not currently any direct way to see the active pg_hba entries,
though we're working on that.)
A different line of thought is that maybe the connections are not coming
from where you think they are; for example ipv4 vs ipv6 addresses. You
could check into that by activating log_connections and seeing what gets
logged about the unwanted connections.
Also, don't forget that pg_hba lines are order-sensitive --- you need to
put "reject" entries before anything else that could possibly match the
incoming connection.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Stark | 2016-11-17 15:45:35 | Re: Postgres 9.6.1 accepts connections from not allowed Ip addresses |
| Previous Message | Jan Ogrodowczyk | 2016-11-17 10:58:52 | Postgres 9.6.1 accepts connections from not allowed Ip addresses |