Hello,

On Nov 3 12:12 Werner Flamme wrote (excerpt):
finally I found a real bug! And a workaround...
In /etc/cups/cupsd.conf, I have lines like:
ServerName printlpz1l.intranet.ufz.de
ServerAlias printlpz1l
ServerAlias 141.65.124.19
Whenever I try to access <https://printlpz1l.intranet.ufz.de:631>, I get "Bad Request". But: I can access <https://printlpz1l:631> or <https://141.65.124.19:631> without problems.
lpstat -h printlpz1l.intranet.ufz.de -a - -> error
lpstat -h printlpz1l - -> long list
Five minutes ago, I added
ServerAlias printlpz1l.intranet.ufz.de
to /etc/cups/cupsd.conf and voilà - the host is accessible with its FQDN. Via web as well as via lpstat.
Obviously, CUPS allows access to the ServerAlias only, and refuses access to ServerName. In /var/log/cups/error_log I see lines like
Request from "141.65.31.19" using invalid Host: field "printlpz1l.intranet.ufz.de"
That's an interesting bug. They may have invested a lot of brain power for that :-) BTW, The entry after ServerName is the "real" hostname...
Yes, they invested a lot of brain power to protect you against DNS rebinding attacks which unfortunately results in some cases that you get "overprotected".

Is this really a new issue since CUPS 1.5.x (i.e. it worked with 1.4.6)?

See for example the "cupsd no longer allows using cname (alias) must use hostname" mail thread on cups@easysw.com
http://www.cups.org/newsgroups.php?gcups.general+T+Q%22cupsd+no+longer+allow...

-------------------------------------------------------------------------
From: Michael Sweet
...
You are running into the (relatively new) DNS rebinding attack protection code. Sadly, while we do our best at startup we don't always catch all of the aliases for a given server.

To work around this, add ServerAlias directives to your cupsd.conf file, either the "allow anything" version:

ServerAlias *

or one per hostname, e.g.:

ServerAlias name1.example.com
ServerAlias name2.example.com
ServerAlias name3.example.com
-------------------------------------------------------------------------

or see the "cups server not responds by alias name since cups-1.3.9" mail thread on cups@easysw.com
http://www.cups.org/newsgroups.php?gcups.general+T+Q%22cups+server+not+respo...

If your particular issue is a different case, please report it on cups@easysw.com

Kind Regards
Johannes Meixner
--
SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany
HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer
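
Added example, not part of the mail thread and not CUPS code: a small Python helper that reads the "invalid Host: field" messages quoted above from error_log, compares them with the ServerAlias lines in cupsd.conf, and reports which rejected names are worth adding one by one instead of using "ServerAlias *". The function names, the own_suffix parameter, the optional ":port" handling, the second client address and the foreign hostname are assumptions made for this example; the sample input is constructed.

```python
import re
from collections import Counter

# Message format as quoted from /var/log/cups/error_log in the thread above.
REJECT_RE = re.compile(r'Request from "([^"]*)" using invalid Host: field "([^"]*)"')

def server_aliases(conf_text):
    """Lower-cased ServerAlias values from cupsd.conf text ('#' starts a comment)."""
    aliases = set()
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "serveralias":
            aliases.update(p.lower() for p in parts[1:])
    return aliases

def host_only(field):
    """Drop an optional :port and trailing dot from a Host value (assumed format)."""
    host = field.strip().lower()
    if host.startswith("[") and "]" in host:      # bracketed IPv6 literal
        return host[1:host.index("]")]
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():
        host = name
    return host.rstrip(".")

def review_rejections(log_text, conf_text, own_suffix):
    """Return (host, hits, verdict) for rejected Host values not yet aliased."""
    aliases = server_aliases(conf_text)
    hits = Counter(host_only(m.group(2)) for m in REJECT_RE.finditer(log_text))
    report = []
    for host, n in hits.most_common():
        if host in aliases:
            continue
        # Only names under a domain the admin controls are alias candidates.
        ours = host == own_suffix or host.endswith("." + own_suffix)
        report.append((host, n, "add ServerAlias" if ours else "leave rejected"))
    return report

# Constructed sample input: hostnames from the thread plus one made-up foreign name.
CONF = """ServerName printlpz1l.intranet.ufz.de
ServerAlias printlpz1l
ServerAlias 141.65.124.19
"""
LOG = """E [t1] Request from "141.65.31.19" using invalid Host: field "printlpz1l.intranet.ufz.de"
E [t2] Request from "141.65.31.19" using invalid Host: field "printlpz1l.intranet.ufz.de:631"
E [t3] Request from "141.65.31.20" using invalid Host: field "rebind.attacker.example"
"""

if __name__ == "__main__":
    for host, n, verdict in review_rejections(LOG, CONF, "intranet.ufz.de"):
        print(f"{n:3d}  {host:40s} {verdict}")
```

A rejected name outside your own domain is the rebinding protection doing its job, which is the reason to list aliases individually rather than disable the check with the wildcard.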