[cups.general] Hiding printers in web interface

[Michael Sweet]

On Apr 8, 2010, at 4:28 PM, John A. Sullivan III wrote:
>> ...
>> I suppose there is no way to use a different port for the web interaction versus printer interaction.  It must all be the same http-like protocol.  Printers and web viewers must be indistinguishable to CUPS I guess.  Thanks - John

IPP is layered on HTTP (just a POST with application/ipp data sent and received, much like SOAP is XML over HTTP) so you *can* define Location+Limit rules to require authentication for HTTP GET requests. However, since clients also use HTTP GET to get the PPD file for a queue and we don't have wildcard/regex support for Location's that can get tricky.

In CUPS 1.5 we're transitioning to using the IPP CUPS-Get-PPD operation, which we added in CUPS 1.3, with a fallback to HTTP GET, and there are some improvements in the IPP arena that will hopefully make it easier for apps to support printing without needing to look at the PPD file in the first place...

> Well . . .it's ugly but what I've done is disable the CGI scripts in /usr/lib/cups/cgi-bin.  That seems to work.  The printing application still see only the appropriate printers as defined in printers.conf.  No one can see anything in the web application.  Are there any problems in doing it this way?

No, and we also have a "feature" that does this coming in 1.5 - tracked by CUPS STR #2625:

    http://www.cups.org/str.php?L2625

I just added another comment to the bug to have an "authenticated web interface" mode where only CGI access would require authentication (which would be a simple addition...)

________________________________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cups.org/pipermail/cups/attachments/20100408/2dce2404/attachment-0001.html>