Discussion:
access CUPS web interface through SSH port forwarding
Matthias Apitz
2011-06-21 17:13:31 UTC
Hello,

This is with CUPS 1.4.3, in older versions 1.x we did not face the problem.

We access remote servers via SSH and forward the port 631 through the SSH
session as:

$ ssh -C -L 1631:remote-host:631 remote-host

Let's say the SSH runs on host 'myhost'; the LISTEN on port 1631 is fine and
connects are forwarded to the remote CUPS daemon;

but any request to http://myhost:1631/ gives only '400 bad request' from
CUPS; I've checked with

$ lynx -trace http://myhost:1631/

what's going on and I see that the HTTP request contains a line

Host: myhost:1631

which perhaps is not understood by CUPS daemon. How can I get this working?

Thanks

matthias
Michael Sweet
2011-06-21 17:47:23 UTC
Post by Matthias Apitz
> Hello,
> This is with CUPS 1.4.3, in older versions 1.x we did not face the problem.
> We access remote servers via SSH and forward the port 631 through the SSH
> $ ssh -C -L 1631:remote-host:631 remote-host
> Let's say the SSH runs on host 'myhost'; the LISTEN on port 1631 is fine and
> connects are forwarded to the remote CUPS daemon;
> but any request to http://myhost:1631/ gives only '400 bad request' from
> CUPS; I've checked with
> $ lynx -trace http://myhost:1631/
> what's going on and I see that the HTTP request contains a line
> Host: myhost:1631
> which perhaps is not understood by CUPS daemon. How can I get this working?

This is the built-in DNS rebinding attack protection. Use the "ServerAlias" directive on the remote host to allow it to respond to those requests.

________________________________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair
Matthias Apitz
2011-06-22 09:45:58 UTC
Post by Michael Sweet
> Post by Matthias Apitz
>> Hello,
>> This is with CUPS 1.4.3, in older versions 1.x we did not face the problem.
>> We access remote servers via SSH and forward the port 631 through the SSH
>> $ ssh -C -L 1631:remote-host:631 remote-host
>> Let's say the SSH runs on host 'myhost'; the LISTEN on port 1631 is fine
>> and connects are forwarded to the remote CUPS daemon;
>> but any request to http://myhost:1631/ gives only '400 bad request' from
>> CUPS; I've checked with
>> $ lynx -trace http://myhost:1631/
>> what's going on and I see that the HTTP request contains a line
>> Host: myhost:1631
>> which perhaps is not understood by CUPS daemon. How can I get this working?
> This is the built-in DNS rebinding attack protection. Use the
> "ServerAlias" directive on the remote host to allow it to respond to those
> requests.

Thanks, this made it work. But only if you use its IP addr or DNS for
'remote-host' in the SSH command, and not 'localhost'. Just as a hint.

Thanks again

matthias
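
The Host-header check behind the '400 bad request' in this thread, as an added example that is not part of the original posts and is not CUPS source code. It is a simplified Python model: the function names, parameters and the loopback rule are assumptions chosen to match the behaviour the posters report.

```python
# Simplified model of a Host-header allowlist (DNS rebinding protection).
# Illustration only: NOT CUPS source code. All names and rules below are
# assumptions made to reproduce the behaviour described in the thread.

LOOPBACK_NAMES = {"localhost", "127.0.0.1", "::1"}


def split_host_header(value):
    """Return the lower-cased host part of a Host header, without the port."""
    value = value.strip().lower()
    if value.startswith("["):          # bracketed IPv6 literal, e.g. [::1]:631
        return value[1:value.index("]")] if "]" in value else ""
    host, _, port = value.partition(":")
    if port and not port.isdigit():    # malformed port: treat as invalid
        return ""
    return host.rstrip(".")


def host_allowed(host_header, server_name, aliases=(), via_loopback=False):
    """Decide whether a request's Host header names this server.

    server_name  : the server's own name (here: 'remote-host')
    aliases      : extra names, as a ServerAlias-style setting would supply
    via_loopback : True if the TCP connection arrived on the loopback
                   interface (assumed rule: only loopback names accepted)
    """
    host = split_host_header(host_header)
    if not host:
        return False
    if via_loopback:
        return host in LOOPBACK_NAMES
    allowed = {server_name.lower()} | {a.lower() for a in aliases}
    return host in allowed


def status_for(host_header, **kwargs):
    """HTTP status the modelled server would answer with."""
    return 200 if host_allowed(host_header, **kwargs) else 400


if __name__ == "__main__":
    # Constructed requests mirroring the thread's forwarding setup.
    print(status_for("myhost:1631", server_name="remote-host"))
    print(status_for("myhost:1631", server_name="remote-host",
                     aliases=["myhost"]))
    print(status_for("myhost:1631", server_name="remote-host",
                     aliases=["myhost"], via_loopback=True))
```

The same comparison is what stops a rebinding page: the browser sends the hostname the page was loaded from in the Host header, and that name is not on the server's list.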
