UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21. Read more.
UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21.Read more.
Absent Member.
Absent Member.
774 views

Secure iPrint printer by workstation, not user

We have a 30 seat computer lab with a lab printer. We need to be able to
restrict printing to the lab printer to just the computers in the lab, not
to everyone who might use the lab. We don't want other computers in the
building to be able to print to this printer - it is for lab use only.

AL
0 Likes
1 Reply
Absent Member.
Absent Member.

On 30/07/2007 15:45, semit@calvinseminary.edu wrote:

> We have a 30 seat computer lab with a lab printer. We need to be able to
> restrict printing to the lab printer to just the computers in the lab, not
> to everyone who might use the lab. We don't want other computers in the
> building to be able to print to this printer - it is for lab use only.


Please note that I haven't tried the following myself but theoretically
it should be possible.

You might be able to restrict access to the URL(s) used to print by
adding a suitable "Location" section to the Apache configuration files.

Looking at the access_log file for our iPrint server I see it logs POST
accesses to both /ipp/queue_name and /ipps/queue_name for insecure and
secure printing.

So adding a "Location" section along the lines of the following might work.

<Location /ipp/queue_name>
Order deny,allow
Deny from all
Allow from x.x.x.x
</Location>

Since IPP needs to be up & running my preference would be to try adding
this to the mod_ipp.conf in sys:/apache2/iprint directory.

In fact looking at this file suggests the above is the way to go since
it already defines a "Location" section for both /ipp and /ipps that
precisely use "Order" and "Allow" directives (to "Allow from all"). All
that is actually needed for each queue_name specific "Location" section
is "Deny from all" and "Allow from ..." (since "Order deny,allow" is
inherited from /ipp or /ipps).

See http://httpd.apache.org/docs/2.0/mod/mod_access.html#allow for more
information about the mod_access module that provides the "Allow",
"Deny", etc. directives.

HTH

Simon
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.