-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Johannes Meixner [03.11.2011 14:38]:
Hello,
On Nov 3 12:12 Werner Flamme wrote (excerpt):
finally I found a real bug! And a workaround...
In /etc/cups/cupsd.conf, I have lines like:
ServerName printlpz1l.intranet.ufz.de ServerAlias printlpz1l ServerAlias 141.65.124.19
Whenever I try to access <https://printlpz1l.intranet.ufz.de:631>, I get "Bad Request". But: I can access <https://printlpz1l:631> or <https://141.65.124.19:631> without problems.
lpstat -h printlpz1l.intranet.ufz.de -a - -> error
lpstat -h printlpz1l - -> long list
Five minutes ago, I added
ServerAlias printlpz1l.intranet.ufz.de
to /etc/cups/cupsd.conf and voilà - the host is accessible with its FQDN. Via web as well as via lpstat.
Obviously, CUPS allows access to the ServerAlias only, and refuses access to ServerName. In /var/log/cups/error_log I see lines like
Request from "141.65.31.19" using invalid Host: field "printlpz1l.intranet.ufz.de"
That's an interesting bug. They may have invested a lot of brain power for that :-) BTW, The entry after ServerName is the "real" hostname...
Yes, they invested a lot of brain power to protect you against DNS rebinding attacks which unfortunately results in some cases that you get "overprotected".
Is this really a new issue since CUPS 1.5.x (i.e. it worked with 1.4.6)?
Yes, it is. I did the update last week, and two hours later the Sun Ray admin asked why he could not access the printers any longer. And he discovered that it worked with the short name, but not with the FQDN. Before the upgrade, the last version from the Printing:SLE_11_SP1 repo was installed. BTW, the machines that still run CUPS 1.4.x answer on ServerAlias as well as on ServerName. Another BTW: cups-lpd worked well all the time, even on CUPS 1.5.0 boxes :-> That's why we were able to print from our SAP systems, I guess...
See for example the "cupsd no longer allows using cname (alias) must use hostname" mail thread on cups@easysw.com
The DNS entry is not a CNAME. This IP address is resolved directly, and the PTR record works as well. The host was installed with its IP Address and hostname, and neither did change. Why should it be that the FQDN works when used as a ServerAlias, but not as ServerName? If the "real" hostname was different from the ServerAlias entry, the ServerName requests should be honoured as well. There might be a reason for the ServerName directive to exist, and a reason to use it as well...
http://www.cups.org/newsgroups.php?gcups.general+T+Q%22cupsd+no+longer+allow...
- -------------------------------------------------------------------------
From: Michael Sweet ... -------------------------------------------------------------------------
Well,
we have one ServerName entry and several (3 to 12) ServerAlias entries in cupsd.conf. The ServerName is always set to the name the server is used with most often.But there was never a necessity to have a ServerAlias saying the same name as ServerName - and the CUPS servers went all through the 1.4.x releases.
or see the "cups server not responds by alias name since cups-1.3.9" mail thread on cups@easysw.com
http://www.cups.org/newsgroups.php?gcups.general+T+Q%22cups+server+not+respo...
This
can't be us, since everything worked at least with 1.4.6 :-\
If your particular issue is a different case, please report it on cups@easysw.com
I think it is *sigh*
Kind Regards Johannes Meixner
Thank you, Werner - -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6ytV8ACgkQk33Krq8b42MELACggzLuRLJA3R/A/Ptb+cLHkltG 7FAAn0VdgGR+JuKXjB14XL7aRb/YSRS3 =NcNp -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org