OpenPrinting/cups

web interface only with localhost, invalid host error

Closed this issue · 1 comments

With Gentoo Linux Cups 2.4.10-r1
Everything works fine with https://localhost:631/, but I get an error with https://coffee:631/ or https://coffee.novazur.fr:631/:
[Client 4] Request from "localhost" using invalid Host: field "coffee.novazur.fr:631".
This happens even with ServerAlias *.
I tried changing ServerName to the hostname and to the FQDN, same error.
ServerAlias doesn't change anything.

# diff -u cupsd.conf.default cupsd.conf
--- cupsd.conf.default  2024-09-28 16:39:01.000000000 -0400
+++ cupsd.conf  2024-10-02 16:40:24.585207846 -0400
@@ -15,8 +15,10 @@
 ErrorPolicy retry-job
 
 # Only listen for connections from the local machine.
-Listen localhost:631
+Listen *:631
 Listen /run/cups/cups.sock
+HostNameLookups On
+ServerAlias *
 
 # Show shared printers on the local network.
 Browsing Yes
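
Review bot: ServerAlias * on the added line makes cupsd accept any Host: value on non-loopback connections, which switches off the DNS rebinding check at the same time that Listen *:631 opens the port on every interface. List the names clients really use instead, for example "ServerAlias coffee coffee.novazur.fr", and bind Listen to the LAN address rather than *. HostNameLookups On adds a reverse DNS lookup per connection and plays no part in Host: validation, so drop it unless hostnames are needed in logs or in Allow/Deny rules.
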
@@ -34,6 +36,7 @@
 # Restrict access to the server...
 <Location />
   Order allow,deny
+  Allow from @LOCAL
 </Location>
 
 # Restrict access to the admin pages...
@@ -41,6 +44,7 @@
   AuthType Default
   Require user @SYSTEM
   Order allow,deny
+  Allow from @LOCAL
 </Location>
 
 # Restrict access to configuration files...
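
Review bot: Allow from @LOCAL in the admin pages Location exposes the administration interface to every host on the attached networks, with only the Require user @SYSTEM login in front of it. If remote administration is really needed, narrow the rule to the administering workstation or one interface (an explicit address, or @IF(name)) and add Encryption Required to this Location so the system credentials are never sent in clear text.
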
@@ -158,6 +162,10 @@
   </Limit>
 </Policy>
 
+DefaultLanguage fr
+SetEnv LANG fr_FR.UTF8
+DefaultPaperSize A4
+MaxJobTime 36000
 # Set the kerberized printer/job policies...
 <Policy kerberos>
   # Job/subscription privacy...
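
Review bot: the four added directives sit directly on top of the existing comment "# Set the kerberized printer/job policies...", so that comment now reads as if it belongs to MaxJobTime. Add a blank line after "MaxJobTime 36000" and a one-line comment above DefaultLanguage marking these as local site settings.
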
# hostname -s
coffee
# hostname -d
novazur.fr
# hostname -f 
coffee.novazur.fr
# host coffee
coffee.novazur.fr has address 127.0.0.1
# host coffee.novazur.fr
coffee.novazur.fr has address 127.0.0.1
# grep localhost /etc/hosts 
127.0.0.1       coffee.novazur.fr       coffee  localhost

That's because your hostname maps to 127.0.0.1, which is localhost.

cupsd requires accesses to 127.0.0.1 to use localhost because otherwise it would be vulnerable to DNS rebinding attacks ("printer.example.com" mapping to 127.0.0.1 which allows for certain kinds of attacks through the web browser...)
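
The Host: check described in the reply above, as an added simplified model in Python (not cupsd's own code): a connection arriving on a loopback address must name localhost, and ServerName/ServerAlias are not consulted for it, which is why coffee.novazur.fr:631 is rejected once /etc/hosts maps that name to 127.0.0.1. The function names, the acceptance of numeric IP hosts and the LAN address 192.168.1.20 are assumptions made for the example.

```python
import ipaddress

LOOPBACK_NAMES = {"localhost", "127.0.0.1", "::1"}

def split_host(host_field):
    """Return the lowercased host part of a Host: value, without port or brackets."""
    h = host_field.strip().lower()
    if h.startswith("["):                      # IPv6 literal such as [::1]:631
        end = h.find("]")
        return h[1:end] if end > 0 else ""
    return h.rsplit(":", 1)[0] if ":" in h else h

def is_ip_literal(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def host_allowed(peer_addr, host_field, server_name, aliases=()):
    """Simplified model of the decision: accept or reject a request's Host: field."""
    name = split_host(host_field).rstrip(".")
    if ipaddress.ip_address(peer_addr).is_loopback:
        # Loopback peers must say "localhost"; aliases (even "*") are ignored here,
        # so a DNS name rebound to 127.0.0.1 cannot reach the local scheduler.
        return name in LOOPBACK_NAMES
    if is_ip_literal(name):
        return True                            # assumption: a numeric host cannot be rebound
    allowed = {server_name.lower(), *(a.lower() for a in aliases)}
    return "*" in allowed or name in allowed   # "*" disables the check for remote peers

if __name__ == "__main__":
    # Constructed requests: (peer address, Host: field, ServerAlias list)
    samples = [
        ("127.0.0.1", "localhost:631", ["*"]),
        ("127.0.0.1", "coffee.novazur.fr:631", ["*"]),        # the case from the issue
        ("192.168.1.20", "coffee.novazur.fr:631", []),
        ("192.168.1.20", "printer.example.com:631", []),
        ("192.168.1.20", "printer.example.com:631", ["*"]),   # wildcard: accepted
    ]
    for peer, host, aliases in samples:
        verdict = "accept" if host_allowed(peer, host, "coffee.novazur.fr", aliases) else "reject"
        print(f"{peer:14} Host: {host:28} aliases={aliases!s:6} -> {verdict}")
```
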