From: | John Scalia <jayknowsunix(at)gmail(dot)com> |
---|---|
To: | Sathesh S <Sathesh(dot)Sundaram(at)hotmail(dot)com> |
Cc: | "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org> |
Subject: | Re: Basic question on 'reject' auth-method in pg_hba.conf |
Date: | 2016-11-30 16:52:14 |
Message-ID: | CABzCKRB5yCYQB5AsSDDtzXxKMs5x61BU0OTbDYaAUCj1VTqjqA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
Yes, you'll need to make 2 entries like you shown as no CIDR that I know of
other than 0.0.0.0/0 would block both of those, and obviously you do NOT
want to block everyone which 0.0.0.0/0 would do. The entries are scanned
during a connection attempt, so if your test user is coming from a
different IP address than these two, there needs to be another entry
permitting that.
--
Jay
On Wed, Nov 30, 2016 at 11:36 AM, Sathesh S <Sathesh(dot)Sundaram(at)hotmail(dot)com>
wrote:
> Hello All,
>
>
> I'm new to postgresql, I have a basic question in using the 'reject'
> auth-method in pg_hba.conf.
>
> I would like to reject a particular login from multiple range of IP
> addresses.
>
>
> For example:
>
>
> I want to reject login "test" from multiple IP ranges "100.101.13.0" &
> "200.101.13.0"
>
>
> My questions:
>
>
> 1. Do I need to make separate entires like below ones or can I separate
> the IP address range using comma?
>
>
> "host all test 100.101.13.0 reject"
>
> "host all test 200.101.13.0 reject"
>
> 2. If I make multiple entries to reject as above, how will it be treated,
> will the system read all the entries for the "test" login or will it stop
> after it finds the 1st entry for "test" login?
>
> Can you please help with above questions.
>
>
> Thanks,
>
> Sathesh
>
From | Date | Subject | |
---|---|---|---|
Next Message | Sathesh S | 2016-12-01 05:11:12 | Re: Basic question on 'reject' auth-method in pg_hba.conf |
Previous Message | Sathesh S | 2016-11-30 16:36:40 | Basic question on 'reject' auth-method in pg_hba.conf |