The default installation of PaperCut NG is configured to be secure by default. After initial
installation only the admin
user defined during the setup process is permitted to administer
the system. To allow additional users to administer PaperCut NG follow the instructions defined in
the section called “Assigning Administrator Level Access”.
By default PaperCut NG runs an internal web server on port 9191. All communication with the server uses HTTP to this port and includes connections by:
administrators to connect to the administration interface
users to connect to the end-user interface
the user client to communicate with the server to get the user balance and receive notifications; and
the information providers (as discussed in the section called “Key Features”) to send information to the server
It is therefore important that all of the above clients can access this port on the server from across the entire network. If your organization uses firewalls between departments or campuses then it will be necessary to allow inbound HTTP connections on port 9191 to the PaperCut NG application server.
The application server port can be changed from 9191 to any other value.
If the application server port is changed, the port number also must be changed in the applications that connect to the server. i.e, the print provider and the user client.
To change the application server port:
On the server, navigate to the [app-path]\server\
directory.
Open the file server.properties
.
Change the server.port
to setting to the desired port.
Change the server port in all providers installed on your network. The server
port is set in the print-provider.conf
file in the provider directory.
Change the server port in the user client config file:
[app-path]\client\config.properties
.
If the client is installed locally on workstations, then the config file will need to be changed on each workstation.
On Linux/Unix systems, the server runs under the privilege of a non-root account. Some systems
may prevent non-root users from binding to ports lower than 1024. An alternate option
is to use kernel level TCP port redirection (e.g. iptables
).
Restart the application server. (See the section called “Stopping and Starting the Application Server”).
The PaperCut NG architecture (as discussed in the section called “Architecture Overview” and the section called “Print Monitoring Architecture”) involves having a central application server and multiple information providers that send data to the server to process. One example of a provider is the print provider which monitors printing and sends the printer activity to the central server.
PaperCut NG supports an unlimited number of information providers and they can be located on anywhere on the network. By default PaperCut NG allows these providers to connect from any machine on the network. This can be restricted to a reduced set of machines by specifying a list of IP addresses or subnets that are allowed to submit information to the application server.
To define the list of addresses that providers can connect from:
Navigate to
→ .Scroll down to the Security section.
Enter the list of IP addresses or subnet masks to allow. The list of addresses is comma separated.
The format of the subnet is X.X.X.X/Y.Y.Y.Y
(where X represents the address and
Y the subnet mask).
Press
.It is then recommended to test all providers to ensure that they can still submit information to the application server. To test the print provider, perform a test print job to the server that the provider is running on.
You may restrict the address ranges from which standard release stations (see the section called “Standard Release Station”) may access the application server. This measure only applies to standard release stations and does not affect print release at an embedded device or from a web browser.
Navigate to Config Editor (Advanced).
and select
Search for the config key: auth.release-station.allowed-addresses
Enter the list of IP addresses or subnet masks to allow. The list of addresses is comma separated.
The format of the subnet is X.X.X.X/Y.Y.Y.Y
(where X represents the address and
Y the subnet mask).
Click Update
.
It is then recommended to test all standard release stations to ensure that they can still successfully start-up and connect to the Application Server.
For security reasons all the web sessions log out (timeout) after periods of inactivity. Clicking a link or refreshing a page will reset the inactivity timer. Closing the browser window/tab will also end the session (i.e. the session cookies are not persistent). The default timeout periods for different login types are described in the table below:
Login Type | Default value |
---|---|
Admin web interface | 1440 minutes (24 hours) |
Web based release station | 1440 minutes (24 hours) |
Web Cashier | 1440 minutes (24 hours) |
User web interface | 60 minutes (1 hour) |
Table 15.15. Default Web Session Inactivity Timeout Values
These timeout values (a period given in minutes) are configurable via the config keys below. A value of
0
indicates that the session will never time out. The special value
DEFAULT indicates that the PaperCut defaults (in the above table) are
used (the PaperCut defaults may change in future versions).
Config name | Description |
---|---|
web-login.admin.session-timeout-mins | Inactivity timeout for the admin web interface. |
web-login.web-cashier.session-timeout-mins | Inactivity timeout for Web Cashier. |
web-login.release.session-timeout-mins | Inactivity timeout for the web based release station. |
web-login.user.session-timeout-mins | Inactivity timeout for the user web interface. |
Table 15.16. Timeout Web Session Config Keys
Please see the section called “Using the Config Editor” for information about changing config keys.
Changing the inactivity timeout values will take effect the next time users log in. Note that some pages periodically refresh the page (or data on the page), such as the dashboard and the web based release station. A session will not time out if a browser is left on these pages, as it will be considered active.
© Copyright 1999-2015. PaperCut Software International Pty Ltd. All rights reserved.