From: | Adam Witney <awitney(at)sgul(dot)ac(dot)uk> |
---|---|
To: | Scott Marlowe <smarlowe(at)g2switchworks(dot)com> |
Cc: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Distinguishing between connections in pg_hba.conf |
Date: | 2005-05-16 20:05:44 |
Message-ID: | BEAEBBA8.4628C%awitney@sgul.ac.uk |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 16/5/05 8:17 pm, "Scott Marlowe" <smarlowe(at)g2switchworks(dot)com> wrote:
> On Mon, 2005-05-16 at 07:35, Adam Witney wrote:
>> Hi,
>>
>> I have a web application (PHP) which runs on its own box, and connects to a
>> database on a second box. The database box is behind the firewall and only
>> accepts connections from the web server.
>>
>> I have set up stunnel on the web server and I would like to allow some
>> limited external direct access to the db server, but I would like
>> connections from stunnel to only access a specific database. The problem is
>> that both the web server and the stunnel connections will come from the same
>> box, and hence the same IP address, is there anyway I can distinguish
>> between these two connection methods in pg_hba.conf? (I can't do it on
>> username either)
>
> Add an alias to each machine's ethernet card, along with a name. So, if
> you've got 10.1.1.1 as the IP on the web server and 10.2.1.1 on the db
> server, add 10.1.1.2 and 10.2.1.2 on each respectively, and give them
> some similar name, like web02 and db02 if their names are web01 and
> db01. Set up routes to use the other IP addresses with those names and
> you should be able to do it.
>
> I haven't fleshed it out step by step, but you get the basic idea,
> right?
Hi,
Thanks for your reply.
So I see how you add an extra IP address to the web server box, but how do
you assign it so that requests from apache appear on the db box as one IP
address, and requests coming through stunnel appear as the second IP
address?
Thanks again
Adam
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From | Date | Subject | |
---|---|---|---|
Next Message | Ragnar Hafstað | 2005-05-16 20:10:00 | Re: is in postgres solution |
Previous Message | Bruno Wolff III | 2005-05-16 19:49:26 | Re: is in postgres solution |