限制对Azure Postgres服务的公共访问 [英] Restrict public access to Azure Postgres service
问题描述
大家好,
我们目前正在Azure中设置Postgres DB,我们看到的是,即使定义了非常严格的安全组规则,FQDN(从公共网络访问时)也会以postgres服务签名作为响应.即
We are currently setting up Postgres DB in Azure and what we see is that even after defining very strict security group rules, the FQDN (when accessed from a public network) responds with a postgres service signature. i.e.
psql :致命:主机"xx.xxx.xx.xx.xx",用户"userx",数据库"randomDB"的pg_hba.conf条目不存在,
psql: FATAL: no pg_hba.conf entry for host "xx.xxx.xx.xx.xx", user "userx", database "randomDB", SSL on
我们没有任何规则可以允许此流量访问实例.那么为什么我们看到服务器的响应.我非常确定是否在AWS中创建了RDS实例,默认情况下,您无法从外部创建与之的连接.
We don't have any rule that would allow this traffic to hit the instance. So why do we see a response from the server. I am quite sure if an RDS instance in AWS is created, by default you cannot create a connection to it from outside world.
谢谢
J
推荐答案
您好,Jahantech,
Hi Jahantech,
您看到的是来自Azure Postgres网关(服务)的响应,而不是实际实例的响应.如果您还有其他问题,请告诉我.
You are seeing a response from the Azure Postgres gateway (service) and not from your actual instance. Please let me know if you have additional questions.
有关此的MSDN以前有一篇文章;寻找它.客户也有同样的顾虑.响应来自处理该区域所有Postgres流量的网关节点.您应该能够对您的实例IP进行跟踪路由(tracert)并查看 流量并没有流入您的已部署实例.
There is a previous MSDN post regarding this; looking for it. A customer had the same concern. The response is from gateway node that handles all Postgres traffic for that region. You should be able to do a traceroute (tracert) to your instance IP and see that the traffic doesn't make it to your deployed instance.
此致
迈克
这篇关于限制对Azure Postgres服务的公共访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
