It seems a little complex, maybe changing the listening port to 127.0.0.1 is a simple way, sacrifice remote access for security.
发件人: Joan Touzet<mailto:[email protected]> 发送时间: Monday, April 23, 2018 11:18 PM 收件人: [email protected]<mailto:[email protected]> 主题: Re: How to prevent anonymous users visit couchdb ? Hi Jinmin. Blocking /_all_dbs currently requires a reverse proxy with block rules in front of CouchDB. We recommend haproxy for this use. Best regards, Joan Touzet from Toronto, Canada ----- Original Message ----- From: "? ?" <[email protected]> To: [email protected] Sent: Monday, April 23, 2018 5:30:38 AM Subject: How to prevent anonymous users visit couchdb ? Dear all, I want to remotely manage couchdb by curl using the administrator account, but I found that anonymous users can also get some information , like _all_dbs, which is not what I want. It seems that couchdb allows anonymous users using GET and HEAD methods, so how can I prevent it? What I want is only administrators are allowed. I have made the following settings in local.ini: require_valid_user = true WWW-Authenticate = Basic realm="administrator" Thanks & regards, Jinmin from Shanghai, China
