
Securing Access to the iPrint Web Page outside of the Network


Problem:

We were enabling our users to access iPrint from outside the network (this requires a firewall filter, but it is doable). However, we wanted to secure access to the web page. I opened an SR with Novell since I couldn't find any TID on this issue. After working with the tech, I was able to accomplish this. This is how we did it.



Solution:



Firewall Filter:



Current BM Filters
Columns: ServerID, Source Interface, Source Address, Protocol, Destination Port, Source Port, ackFilt, stFilt, Destination Interface, Destination Address, Comments
1 PUBLIC TCP 631 0 1 PRIVATE XXX.XXX.XXX.XXX To allow iPrint services



ConsoleOne Settings:



Properties of LDAP Server - IPrintServerName:
- SSL/TLS Configuration tab: uncheck "Require TLS for all Operations".
- Restrictions: Bind Restrictions is set to "None" and all "Limit" and "Timeout" options are set to "0".


Server Apache2 Settings:


Edit the \\ServerName\sys\Apache2\iprint\ipp.conf file and make the following changes. (Search for the "IfModule mod_ipp.c" section and edit.)



************************************************************
# Changed this to require login
# this is the default config for secure printing
<IfModule mod_ipp.c>
    <Location /ipp>
        #Require valid-user
        Order allow,deny
        #Allow from all
        #Type in the IP Segment for your Environment
        Allow from XXX.XXX
        Require valid-user
        # Satisfy Any: a client in the allowed segment gets in without a login;
        # any other client must authenticate.
        Satisfy Any
        AuthType Basic
        AuthName "Tree_Name"
        AuthLDAPURL "ldaps://localhost:636/???(objectClass=user)"
        AuthLDAPRemoteUserIsDN on
        <IfModule mod_auth_ldap.c>
            AuthLDAPEnabled ON
        </IfModule>
        AuthLDAPDNAuthoritative On
        AuthLDAPAllowDNAuth On
    </Location>

    <Location /ipps>
        Require valid-user
        Order allow,deny
        #Type in the IP Segment for your Environment
        Allow from XXX.XXX
        Require valid-user
        # Satisfy Any is commented out here, so Apache's default (Satisfy All)
        # applies: the client must match the Allow line and also log in.
        #Satisfy Any
        AuthType Basic
        AuthName "Tree_Name"
        AuthLDAPURL "ldaps://localhost:636/???(objectClass=user)"
        AuthLDAPRemoteUserIsDN on
        <IfModule mod_auth_ldap.c>
            AuthLDAPEnabled ON
            #Off
        </IfModule>
        AuthLDAPDNAuthoritative On
        AuthLDAPAllowDNAuth On
    </Location>
</IfModule>
*************************************************************
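
To check what the two Location blocks above enforce for inside and outside clients, the following added example (not part of the original article or of Novell's code) parses the active directives and applies Apache's Satisfy rules. The sample config is constructed, 10.1 is an assumed stand-in for XXX.XXX, and only "Order allow,deny" with no Deny lines is modelled.

```python
import re

# Constructed sample of the page's two blocks; "10.1" stands in for XXX.XXX.
SAMPLE_CONF = """
<Location /ipp>
Order allow,deny
Allow from 10.1
Require valid-user
Satisfy Any
</Location>
<Location /ipps>
Require valid-user
Order allow,deny
Allow from 10.1
#Satisfy Any
</Location>
"""

def parse_locations(conf):
    """Collect the active Allow/Require/Satisfy directives per <Location>."""
    locations, current = {}, None
    for line in (raw.strip() for raw in conf.splitlines()):
        if not line or line.startswith("#"):
            continue  # commented-out directives have no effect
        opened = re.match(r"<Location\s+(\S+)>", line, re.I)
        if opened:
            current = locations.setdefault(
                opened.group(1), {"allow": [], "require": False, "satisfy": "all"})
        elif line.lower() == "</location>":
            current = None
        elif current is not None:
            words = line.lower().split()
            if words[:2] == ["allow", "from"]:
                current["allow"] += words[2:]
            elif words[0] == "require":
                current["require"] = True
            elif words[0] == "satisfy" and len(words) > 1:
                current["satisfy"] = words[1]
    return locations

def decide(policy, client_ip):
    """Outcome under 'Order allow,deny' with no Deny lines: allow | login | deny."""
    host_ok = any(a == "all" or client_ip == a or client_ip.startswith(a.rstrip(".") + ".")
                  for a in policy["allow"])
    if policy["satisfy"] == "any":
        return "allow" if host_ok else ("login" if policy["require"] else "deny")
    if not host_ok:
        return "deny"  # Satisfy All (Apache's default): host check must pass first
    return "login" if policy["require"] else "allow"
```

For the sample, an inside address is allowed on /ipp without a login and prompted on /ipps, while an outside address is prompted on /ipp and denied on /ipps, because the commented-out Satisfy Any leaves Apache's default of Satisfy All in force.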


Stop and restart your Apache services. I used two NCFs to stop and then start Apache.



AP2WEBDN.NCF
***********************
# Shutdown for Apache Web Server for Netware

unload address space = os apache2
***********************



AP2WEBUP.NCF
***********************
# Startup for Apache Web Server for Netware
# This is called from autoexec.ncf

# Make sure that httpstk isn't listening on 80
httpcloseport 80 /silent

load apache2 -E sys:\apache2\logs\startup.err
************************


Now users who access our iPrint web page from outside of our network are prompted to log in to NetWare via LDAP to access the page:



https://XXX.XXX.XXX.XXX/ipps 


They would use their NetWare login name and their NetWare password.



Environment:

NetWare 6.5 SP 5 and Apache2
