Hi Jeff,
Am 19.10.22 um 17:47 schrieb Jeff Janes:
This is what I've got currently but it's still allowing non-ssl connections from remote (non-local/private) hosts. Any thoughts?
Did you reload the server configurations after changing the file? What is the address of that non-local host, as seen by the server? (you can check the first with `select * from pg_hba_file_rules`,
unfortunately that's not true, at least up to Pg v14 (I don't know if they've changed this IMHO "unexpected" behaviour in the meantime). The pg_hba_file_rules seems to be just an SQL frontend to the hba-file's content and does not(!) reflect the currently active configuration. So you can see your changes before the are activated, e.g. by calling pg_reload_conf().
Cheers,
Frank.