Hi Jinmin. Blocking /_all_dbs currently requires a reverse proxy with block rules in front of CouchDB.
We recommend haproxy for this use. Best regards, Joan Touzet from Toronto, Canada ----- Original Message ----- From: "? ?" <[email protected]> To: [email protected] Sent: Monday, April 23, 2018 5:30:38 AM Subject: How to prevent anonymous users visit couchdb ? Dear all, I want to remotely manage couchdb by curl using the administrator account, but I found that anonymous users can also get some information , like _all_dbs, which is not what I want. It seems that couchdb allows anonymous users using GET and HEAD methods, so how can I prevent it? What I want is only administrators are allowed. I have made the following settings in local.ini: require_valid_user = true WWW-Authenticate = Basic realm="administrator" Thanks & regards, Jinmin from Shanghai, China
