[cups.general] Re: Port 631 Forbidden
Maurizio Faccio
Maurizio.Faccio at merbe.com.uy
Mon Jan 30 09:38:24 PST 2006
I know that "Allow from all " is bad from a security standpoint, but I put
that value to try if I can see it.
Here is the confd.conf file
Port 631
BrowseAddress @LOCAL
BrowseAllow @LOCAL
<Location />
Order Deny,Allow
Deny From All
Allow From @LOCAL
</Location>
<Location /jobs>
AuthType Basic
AuthClass User
</Location>
<Location /admin>
AuthType Basic
AuthClass System
Order Deny,Allow
Deny From All
Allow From @LOCAL
</Location>
Thank you in advance
As I know, cups has nothing to do with cups cause cups has a self contained
server
"Gene Heskett" <gene.heskett at verizon.net> escribió en el mensaje
news:23807-cups.general at news.easysw.com...
On Monday 30 January 2006 05:40, Maurizio Faccio wrote:
>Thank you a lot for your answers
>But I've made a mistake and post wrong cupsd.conf file. The actual
>cupsd.conf file
>
> <Location /> Order Allow, Deny
> Allow From All
> Deny From None
Wrong from a security standpoint.
S/B
<Location />
Order Deny, Allow
Deny from All
Allow from @Local
<Location>
Your way lets the whole world in if you fix the real problem.
>And with this conf file I still obtain Forbidden
What other <Location> settings are in your cupsd.conf?
And of course we assume httpd is running.
>Thank you in advance
>
>Maurizio
>
>
>
>
>
>"Helge Blischke" <h.blischke at srz.de> escribió en el mensaje
>news:23799-cups.general at news.easysw.com...
>
>> Anonymous wrote:
>> > > <Location />Order Deny,Allow
>> > > Deny From All
>> > > Allow From 127.0.0.1
>> > > </Location>
>> > > <Location /jobs>
>> > > AuthType Basic
>> > > AuthClass User
>> > > </Location>
>> > > <Location /admin>
>> > > AuthType Basic
>> > > AuthClass System
>> > > </Location>
>> >
>> > Try replacing your "Allow From 127.0.0.1" to "Allow From All"
>> > and see what happens... :)
>> >
>> > Good luck!
>> > Angel
>>
>> "Allow From All" would allow access even from the outside word - I
>> don't
>
>think that is
>
>> what you intend. Better use "Allow From @LOCAL", which specifies
>> your
>
>local intranet.
>
>> Helge
>>
>> --
>> Helge Blischke
>> Softwareentwicklung
>> SRZ Berlin | Firmengruppe besscom
>> http://www.srz.de
>
>_______________________________________________
>cups mailing list
>cups at easysw.com
>http://lists.easysw.com/mailman/listinfo/cups
--
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules. I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
More information about the cups
mailing list