Reputation: 4675
How to configure PostgreSQL to accept all incoming connections except postgres / admin
My question is how to configure it so that non-admin (non-postgres) accounts can login from the internet but the admin (postgres) user is only allowed from localhost or a limited IP range. What entries in the pg_hba.conf that let me set this up? I already have set this up in postgresql.conf:
listen_addresses = '*'
I also have added the line to my pg_hba.conf to allow log in from the wide open world:
host all all 0.0.0.0/0 md5
But now the postgres use can log in from any address which is not what I want :(
I have seen a number of places that talk about how to open up PostgreSQL for connections from any address like: https://dba.stackexchange.com/questions/83984/connect-to-postgresql-server-fatal-no-pg-hba-conf-entry-for-host but no questions that open it up and lock down the postgres user.
Upvotes: 1
Views: 1292
Answers (1)
Reputation: 7882
Try:
# "local" is for Unix domain socket connections only
local all postgres trust
# IPv4 local connections:
host all postgres 0.0.0.0/0 reject
host all all 0.0.0.0/0 md5
Upvotes: 2
Related Questions
- How to configure PostgreSQL to accept all incoming connections
- in postgres, editing pg_hba.conf didnt enable passwordless login
- Postgresql remote access no pg_hba.conf entry for host
- How to allow PostgreSQL server connections from anywhere?
- Cannot connect to postgres database even with 'trust' settings
- What permissions are needed in the stock pg_hba.conf file to allow a database role to get in?
- How to configure the pg_hba.conf file so that only the user postgres can access locally?
- Is there any way to protect PostgreSQL access via pgAdmin when an intruder changes pg_hba.conf file?
- Correct setings for pg_hba.conf
- postgres hba.conf for jdbc