# [Solved] Can't use CUPS webadmin from remote machine

## iivq

Hello,

I have CUPS installed and it all works - except for one little point: I can't webadmin to it from any other pc in my network. I can webadmin to it from the local machine - but as this is a headless machine requires SSH - something I don't want to explain to my girlfriend over telephone in the case troubleshooting is needed  :Razz: 

The printer is on betsy being 192.168.15.100, going to either http://betsy:631/ or http://betsy:631/admin results in a 403 forbidden.

Here's my cupsd.conf:

```

ServerName Betsy

ServerAdmin root@Betsy

LogLevel debug

AccessLog /var/log/cups/access_log

ErrorLog /var/log/cups/error_log

MaxClients 100

# Enable printer sharing and shared printers.

Browsing On

BrowseOrder allow,deny

BrowseAllow all

BrowseAddress @LOCAL

SystemGroup lpadmin

# Allow remote access

Port 631

Listen /var/run/cups/cups.sock

DefaultAuthType Basic

<Location />

  Allow From localhost

  Allow From 192.168.15.0/24

  Deny From All

  # Allow shared printing and remote administration...

  Order allow,deny

  Allow @LOCAL

</Location>

<Location /admin>

  #Encryption Required

  Allow From localhost

  Allow From 192.168.15.0/24

  Deny From all

  # Allow remote administration...

  Order allow,deny

  Allow @LOCAL

</Location>

<Location /admin/conf>

  AuthType Default

  #Require user @SYSTEM

  Allow localhost

  Allow 192.168.15.0/24

  Deny all

  # Allow remote access to the configuration files...

  Order allow,deny

  Allow @LOCAL

</Location>

<Policy default>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>

    AuthType Default

    Require user @SYSTEM

    Order deny,allow

  </Limit>

  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>

    AuthType Default

    Require user @SYSTEM

    Order deny,allow

  </Limit>

  <Limit CUPS-Authenticate-Job>

    Require user @OWNER @SYSTEM

    Order deny,allow

  </Limit>

  <Limit All>

    Order deny,allow

  </Limit>

</Policy>

```

BTW I commented out the encryption required to see if it made any diff - no.

tail /var/log/cups/access_log:

```

[root@betsy /etc/cups]$ tail /var/log/cups/access_log

localhost - - [15/Sep/2008:09:37:37 +0200] "POST / HTTP/1.1" 200 198 Get-Printer-Attributes successful-ok

localhost - - [15/Sep/2008:09:37:37 +0200] "POST / HTTP/1.1" 200 198 Get-Printer-Attributes successful-ok

localhost - - [15/Sep/2008:09:37:37 +0200] "POST / HTTP/1.1" 200 198 Get-Printer-Attributes successful-ok

localhost - - [15/Sep/2008:09:37:37 +0200] "POST / HTTP/1.1" 200 198 Get-Printer-Attributes successful-ok

192.168.15.151 - - [15/Sep/2008:15:13:00 +0200] "GET / HTTP/1.1" 403 0 - -

192.168.15.151 - - [15/Sep/2008:15:13:00 +0200] "GET /cups.css HTTP/1.1" 403 0 - -

192.168.15.151 - - [15/Sep/2008:15:13:00 +0200] "GET /favicon.ico HTTP/1.1" 403 0 - -

192.168.15.151 - - [15/Sep/2008:15:13:03 +0200] "GET /favicon.ico HTTP/1.1" 403 0 - -

192.168.15.151 - - [15/Sep/2008:15:17:40 +0200] "GET /admin HTTP/1.1" 403 0 - -

192.168.15.151 - - [15/Sep/2008:15:17:40 +0200] "GET /cups.css HTTP/1.1" 403 0 - -

```

btw I have NO idea thwt the first 4 lines might be - I didn't try to access the web interface then - could it be my girlfriend booting up her windows XP box? it goes back like that aboug a 100 lines on this day, with client-error-not-found every 5th line.

Any tips?Last edited by iivq on Wed Sep 17, 2008 5:37 pm; edited 1 time in total

----------

## nemectic

 *Quote:*   

> 
> 
> # Allow remote access 
> 
> Port 631
> ...

 

Try allowing the specific IPs in your network that you wish to access CUPs from, before the 'Deny From all' statements.

----------

## iivq

```
...

<Location />

  Allow From localhost

  Allow From 192.168.15.151

  Deny From All

  # Allow shared printing and remote administration...

  Order allow,deny

  Allow @LOCAL

</Location>

<Location /admin>

  #Encryption Required

  Allow From localhost

  Allow From 192.168.15.151

  Deny From all

  # Allow remote administration...

  Order allow,deny

  Allow @LOCAL

</Location>

<Location /admin/conf>

  AuthType Default

  #Require user @SYSTEM

  Allow localhost

  Allow From 192.168.15.151

  Deny all

  # Allow remote access to the configuration files...

  Order allow,deny

  Allow @LOCAL

</Location>

...

```

Nope: still 403 forbidden (Yes i did restart cups)

----------

## nemectic

Try the following, substituted in for the relevant sections:

```

<Location />

  Order Deny,Allow

  Deny From All

  Allow From localhost

  Allow From 192.168.15.*

</Location>

<Location /admin>

  Order Deny,Allow

  Deny From all

  Allow From localhost

  Allow From 192.168.15.*

</Location>

<Location /admin/conf>

  Order Deny,Allow

  Deny From All

  Allow localhost

  Allow 192.168.15.*

</Location> 

```

----------

## iivq

That fixed it, Thanks.

By the way, the "Order deny, allow" needs to have deny, allow in all lowercase, and there can NOT be a space after <Location />... Cups will fail to start then (I think this is a bug in the conf parser of CUPS)

----------

## robinmarlow

Hurrah! you fixed it for me too.

It was a space that silently broke it for me.

```

<Location />[space]

  Order deny,allow 

  Allow localhost

  Allow 192.168.0.*

</Location>

```

only worked when the space was removed.

----------

