--- /dev/null
+<HTML>
+<!-- SECTION: References -->
+<HEAD>
+ <TITLE>cupsd.conf</TITLE>
+</HEAD>
+<BODY>
+
+<!-- MISSING:
+
+BrowseLDAPBindDN
+BrowseLDAPDN
+BrowseLDAPPassword
+BrowseLDAPServer
+BrowseLocalProtocols
+BrowseRemoteProtocols
+DefaultAuthType
+DefaultPolicy
+FilterNice
+JobRetryInterval
+JobRetryLimit
+PassEnv
+Policy
+ServerTokens
+SetEnv
+
+-->
+
+<P>The <VAR>/etc/cups/cupsd.conf</VAR> file contains
+configuration <I>directives</I> that control how the server
+functions. Each directive is listed on a line by itself followed
+by its value. Comments are introduced using the number sign ("#")
+character at the beginning of a line.</P>
+
+<P>Since the server configuration file consists of plain text,
+you can use your favorite text editor to make changes to it.
+After making any changes, restart the <CODE>cupsd(8)</CODE>
+process using the startup script for your operating system:</P>
+
+<UL>
+
+ <LI>AIX:
+ <PRE CLASS="command">
+/etc/init.d/cups restart
+ </PRE></LI>
+
+ <LI>HP-UX:
+ <PRE CLASS="command">
+/sbin/init.d/cups restart
+ </PRE></LI>
+
+ <LI>IRIX:
+ <PRE CLASS="command">
+/etc/init.d/cups restart
+ </PRE></LI>
+
+ <LI>Linux:
+ <PRE CLASS="command">
+/etc/init.d/cups restart
+ </PRE></LI>
+
+ <LI>MacOS X:
+ <PRE CLASS="command">
+/System/Library/StartupItems/PrintingServices/PrintingServices restart
+ </PRE></LI>
+
+ <LI>Solaris:
+ <PRE CLASS="command">
+/etc/init.d/cups restart
+ </PRE></LI>
+
+</UL>
+
+<P>You can also edit this file from the CUPS web interface, which
+automatically handles restarting the scheduler.</P>
+
+
+<H3 CLASS="title"><A NAME="AccessLog">AccessLog</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+AccessLog /var/log/cups/access_log
+AccessLog /var/log/cups/access_log-%s
+AccessLog syslog
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>AccessLog</CODE> directive sets the name of the
+access log file. If the filename is not absolute then it is
+assumed to be relative to the <A
+HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The
+access log file is stored in "common log format" and can be used
+by any web access reporting tool to generate a report on CUPS
+server activity.</P>
+
+<P>The server name can be included in the filename by using
+<CODE>%s</CODE> in the name.</P>
+
+<P>The special name "syslog" can be used to send the access
+information to the system log instead of a plain file.</P>
+
+<P>The default access log file is
+<VAR>/var/log/cups/access_log</VAR>.</P>
+
+
+<H3 CLASS="title"><A NAME="Allow">Allow</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+Allow from All
+Allow from None
+Allow from *.domain.com
+Allow from .domain.com
+Allow from host.domain.com
+Allow from nnn.*
+Allow from nnn.nnn.*
+Allow from nnn.nnn.nnn.*
+Allow from nnn.nnn.nnn.nnn
+Allow from nnn.nnn.nnn.nnn/mm
+Allow from nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
+Allow from xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
+Allow from @LOCAL
+Allow from @IF(name)
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>Allow</CODE> directive specifies a hostname, IP address,
+or network that is allowed access to the server. <CODE>Allow</CODE>
+directives are cummulative, so multiple <CODE>Allow</CODE> directives
+can be used to allow access for multiple hosts or networks. The
+<CODE>/mm</CODE> notation specifies a CIDR netmask:</P>
+
+<DIV CLASS="table"><TABLE>
+<TR>
+ <TH WIDTH="10%">mm</TH>
+ <TH WIDTH="20%">netmask</TH>
+ <TH WIDTH="10%">mm</TH>
+ <TH WIDTH="20%">netmask</TH>
+</TR>
+<TR>
+ <TD ALIGN="CENTER">0</TD>
+ <TD ALIGN="CENTER">0.0.0.0</TD>
+ <TD ALIGN="CENTER">8</TD>
+ <TD ALIGN="CENTER">255.0.0.0</TD>
+</TR>
+<TR>
+ <TD ALIGN="CENTER">1</TD>
+ <TD ALIGN="CENTER">128.0.0.0</TD>
+ <TD ALIGN="CENTER">16</TD>
+ <TD ALIGN="CENTER">255.255.0.0</TD>
+</TR>
+<TR>
+ <TD ALIGN="CENTER">2</TD>
+ <TD ALIGN="CENTER">192.0.0.0</TD>
+ <TD ALIGN="CENTER">24</TD>
+ <TD ALIGN="CENTER">255.255.255.0</TD>
+</TR>
+<TR>
+ <TD ALIGN="CENTER">...</TD>
+ <TD ALIGN="CENTER">...</TD>
+ <TD ALIGN="CENTER">32</TD>
+ <TD ALIGN="CENTER">255.255.255.255</TD>
+</TR>
+</TABLE></DIV>
+
+<P>The <CODE>@LOCAL</CODE> name will allow access from all local
+interfaces. The <CODE>@IF(name)</CODE> name will allow access
+from the named interface.</P>
+
+<P>The <CODE>Allow</CODE> directive must appear inside a <A
+HREF="#Location"><CODE>Location</CODE></A> directive.</P>
+
+
+<H3 CLASS="title"><SPAN CLASS="info">Deprecated</SPAN><A NAME="AuthClass">AuthClass</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+AuthClass Anonymous
+AuthClass User
+AuthClass System
+AuthClass Group
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>AuthClass</CODE> directive defines what level of
+authentication is required:</P>
+
+<UL>
+
+ <LI><CODE>Anonymous</CODE> - No authentication should be
+ performed (default)</LI>
+
+ <LI><CODE>User</CODE> - A valid username and password is
+ required</LI>
+
+ <LI><CODE>System</CODE> - A valid username and password
+ is required, and the username must belong to the "sys"
+ group; this can be changed using the <A
+ HREF="#SystemGroup"><CODE>SystemGroup</CODE></A>
+ directive</LI>
+
+ <LI><CODE>Group</CODE> - A valid username and password is
+ required, and the username must belong to the group named
+ by the <A
+ HREF="#AuthGroupName"><CODE>AuthGroupName</CODE></A>
+ directive</LI>
+
+</UL>
+
+<P>The <CODE>AuthClass</CODE> directive must appear inside a <A
+HREF="#Location"><CODE>Location</CODE></A> directive.</P>
+
+<P><B>This directive is deprecated and will be removed from a
+future release of CUPS.</B> Consider using the more flexible <A
+HREF="#Require"><CODE>Require</CODE></A> directive instead.</P>
+
+
+<H3 CLASS="title"><SPAN CLASS="info">Deprecated</SPAN><A NAME="AuthGroupName">AuthGroupName</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+AuthGroupName mygroup
+AuthGroupName lp
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>AuthGroupName</CODE> directive sets the group to use
+for <CODE>Group</CODE> authentication.</P>
+
+<P>The <CODE>AuthGroupName</CODE> directive must appear inside a
+<A HREF="#Location"><CODE>Location</CODE></A> directive.</P>
+
+<P><B>This directive is deprecated and will be removed from a
+future release of CUPS.</B> Consider using the more flexible <A
+HREF="#Require"><CODE>Require</CODE></A> directive instead.</P>
+
+
+<H3 CLASS="title"><A NAME="AuthType">AuthType</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+AuthType None
+AuthType Basic
+AuthType Digest
+AuthType BasicDigest
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>AuthType</CODE> directive defines the type of
+authentication to perform:</P>
+
+<UL>
+
+ <LI><CODE>None</CODE> - No authentication should be
+ performed (default)</LI>
+
+ <LI><CODE>Basic</CODE> - Basic authentication should be
+ performed using the UNIX password and group files</LI>
+
+ <LI><CODE>Digest</CODE> - Digest authentication should be
+ performed using the <VAR>/etc/cups/passwd.md5</VAR>
+ file</LI>
+
+ <LI><CODE>BasicDigest</CODE> - Basic authentication
+ should be performed using the
+ <VAR>/etc/cups/passwd.md5</VAR> file</LI>
+
+</UL>
+
+<P>When using <CODE>Basic</CODE>, <CODE>Digest</CODE>, or
+<CODE>BasicDigest</CODE> authentication, clients connecting
+through the <CODE>localhost</CODE> interface can also
+authenticate using certificates.</P>
+
+<P>The <CODE>AuthType</CODE> directive must appear inside a <A
+HREF="#Location"><CODE>Location</CODE></A> directive.</P>
+
+
+<H3 CLASS="title"><A NAME="AutoPurgeJobs">AutoPurgeJobs</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+AutoPurgeJobs Yes
+AutoPurgeJobs No
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>AutoPurgeJobs</CODE> directive specifies whether or
+not to purge completed jobs once they are no longer required for
+quotas. This option has no effect if quotas are not enabled. The
+default setting is <CODE>No</CODE>.</P>
+
+
+<H3 CLASS="title"><A NAME="BrowseAddress">BrowseAddress</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+BrowseAddress 255.255.255.255:631
+BrowseAddress 192.0.2.255:631
+BrowseAddress host.domain.com:631
+BrowseAddress @LOCAL
+BrowseAddress @IF(name)
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>BrowseAddress</CODE> directive specifies an address
+to send browsing information to. Multiple
+<CODE>BrowseAddress</CODE> directives can be specified to send
+browsing information to different networks or systems.</P>
+
+<P>The <CODE>@LOCAL</CODE> name will broadcast printer
+information to all local interfaces. The <CODE>@IF(name)</CODE>
+name will broadcast to the named interface.</P>
+
+<P>There is no default browse address.</P>
+
+<BLOCKQUOTE><B>Note:</B>
+
+<P>If you are using HP-UX 10.20 and a subnet that is not 24,
+16, or 8 bits, printer browsing (and in fact all broadcast
+reception) will not work. This problem appears to be fixed in
+HP-UX 11.0.</P>
+
+</BLOCKQUOTE>
+
+
+<H3 CLASS="title"><A NAME="BrowseAllow">BrowseAllow</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+BrowseAllow from all
+BrowseAllow from none
+BrowseAllow from 192.0.2
+BrowseAllow from 192.0.2.0/24
+BrowseAllow from 192.0.2.0/255.255.255.0
+BrowseAllow from *.domain.com
+BrowseAllow from @LOCAL
+BrowseAllow from @IF(name)
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>BrowseAllow</CODE> directive specifies a system or
+network to accept browse packets from. The default is to accept
+browse packets from all hosts.</P>
+
+<P>Host and domain name matching require that you enable the <A
+HREF="#HostNameLookups"><CODE>HostNameLookups</CODE></A>
+directive.</P>
+
+<P>IP address matching supports exact matches, partial addresses
+that match networks using netmasks of 255.0.0.0, 255.255.0.0, and
+255.255.255.0, or network addresses using the specified netmask
+or bit count.</P>
+
+<P>The <CODE>@LOCAL</CODE> name will allow browse data from all
+local interfaces. The <CODE>@IF(name)</CODE> name will allow
+browse data from the named interface.</P>
+
+
+<H3 CLASS="title"><A NAME="BrowseDeny">BrowseDeny</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+BrowseDeny from all
+BrowseDeny from none
+BrowseDeny from 192.0.2
+BrowseDeny from 192.0.2.0/24
+BrowseDeny from 192.0.2.0/255.255.255.0
+BrowseDeny from *.domain.com
+BrowseDeny from @LOCAL
+BrowseDeny from @IF(name)
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>BrowseDeny</CODE> directive specifies a system or
+network to reject browse packets from. The default is to not deny
+browse packets from any hosts.</P>
+
+<P>Host and domain name matching require that you enable the <A
+HREF="#HostNameLookups"><CODE>HostNameLookups</CODE></A>
+directive.</P>
+
+<P>IP address matching supports exact matches, partial addresses
+that match networks using netmasks of 255.0.0.0, 255.255.0.0, and
+255.255.255.0, or network addresses using the specified netmask
+or bit count.</P>
+
+<P>The <CODE>@LOCAL</CODE> name will block browse data from all
+local interfaces. The <CODE>@IF(name)</CODE> name will block
+browse data from the named interface.</P>
+
+
+<H3 CLASS="title"><A NAME="BrowseOrder">BrowseOrder</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+BrowseOrder allow,deny
+BrowseOrder deny,allow
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>BrowseOrder</CODE> directive specifies the order of
+allow/deny processing. The default order is
+<CODE>deny,allow</CODE>:</P>
+
+<UL>
+
+ <LI><CODE>allow,deny</CODE> - Deny browse packets by
+ default, then check <CODE>BrowseAllow</CODE> lines
+ followed by <CODE>BrowseDeny</CODE> lines.</LI>
+
+ <LI><CODE>deny,allow</CODE> - Allow browse packets by
+ default, then check <CODE>BrowseDeny</CODE> lines
+ followed by <CODE>BrowseAllow</CODE> lines.</LI>
+
+</UL>
+
+
+<H3 CLASS="title"><A NAME="BrowseInterval">BrowseInterval</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+BrowseInterval 0
+BrowseInterval 30
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>BrowseInterval</CODE> directive specifies the
+maximum amount of time between browsing updates. Specifying a
+value of 0 seconds disables outgoing browse updates but allows a
+server to receive printer information from other hosts.</P>
+
+<P>The <CODE>BrowseInterval</CODE> value should always be less
+than the <A HREF="#BrowseTimeout"><CODE>BrowseTimeout</CODE></A>
+value. Otherwise printers and classes will disappear from client
+systems between updates.</P>
+
+
+<H3 CLASS="title"><A NAME="BrowsePoll">BrowsePoll</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+BrowsePoll 192.0.2.2:631
+BrowsePoll host.domain.com:631
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>BrowsePoll</CODE> directive polls a server for
+available printers once every <A
+HREF="#BrowseInterval"><CODE>BrowseInterval</CODE></A> seconds.
+Multiple <CODE>BrowsePoll</CODE> directives can be specified to
+poll multiple servers.</P>
+
+<P>If <CODE>BrowseInterval</CODE> is set to 0 then the server is
+polled once every 30 seconds.</P>
+
+
+<H3 CLASS="title"><A NAME="BrowsePort">BrowsePort</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+BrowsePort 631
+BrowsePort 9999
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>BrowsePort</CODE> directive specifies the UDP port number
+used for browse packets. The default port number is 631.</P>
+
+<BLOCKQUOTE><B>Note:</B>
+
+<P>You must set the <CODE>BrowsePort</CODE> to the same value
+on all of the systems that you want to see.
+
+</BLOCKQUOTE>
+
+
+<H3 CLASS="title"><A NAME="BrowseProtocols">BrowseProtocols</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+BrowseProtocols CUPS
+BrowseProtocols SLP
+BrowseProtocols CUPS SLP
+BrowseProtocols all
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>BrowseProtocols</CODE> directive specifies the
+protocols to use when collecting and distributing shared printers
+on the local network. The default protocol is <CODE>CUPS</CODE>,
+which is a broadcast-based protocol.</P>
+
+<BLOCKQUOTE><B>Note:</B>
+
+<P>When using the <CODE>SLP</CODE> protocol, you must have at least
+one Directory Agent (DA) server on your network. Otherwise the
+CUPS scheduler (<CODE>cupsd</CODE>) will not respond to client
+requests for several seconds while polling the network.</P>
+
+</BLOCKQUOTE>
+
+
+<H3 CLASS="title"><A NAME="BrowseRelay">BrowseRelay</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+BrowseRelay 193.0.2.1 192.0.2.255
+BrowseRelay 193.0.2.0/255.255.255.0 192.0.2.255
+BrowseRelay 193.0.2.0/24 192.0.2.255
+BrowseRelay *.domain.com 192.0.2.255
+BrowseRelay host.domain.com 192.0.2.255
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>BrowseRelay</CODE> directive specifies source and
+destination addresses for relaying browsing information from one
+host or network to another. Multiple <CODE>BrowseRelay</CODE>
+directives can be specified as needed.</P>
+
+<P><CODE>BrowseRelay</CODE> is typically used on systems that
+bridge multiple subnets using one or more network interfaces. It
+can also be used to relay printer information from polled servers
+with the line:</P>
+
+<PRE CLASS="command">
+BrowseRelay 127.0.0.1 @LOCAL
+</PRE>
+
+<P>This effectively provides access to printers on a WAN for all
+clients on the LAN(s).</P>
+
+
+<H3 CLASS="title"><A NAME="BrowseShortNames">BrowseShortNames</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+BrowseShortNames Yes
+BrowseShortNames No
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>BrowseShortNames</CODE> directive specifies whether
+or not short names are used for remote printers when possible.
+Short names are just the remote printer name, without the server
+("printer"). If more than one remote printer is detected with the
+same name, the printers will have long names ("printer@server1",
+"printer@server2".)</P>
+
+<P>The default value for this option is <CODE>Yes</CODE>.</P>
+
+
+<H3 CLASS="title"><A NAME="BrowseTimeout">BrowseTimeout</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+BrowseTimeout 300
+BrowseTimeout 60
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>BrowseTimeout</CODE> directive sets the timeout for
+printer or class information that is received in browse packets.
+Once a printer or class times out it is removed from the list of
+available destinations.</P>
+
+<P>The <CODE>BrowseTimeout</CODE> value should always be greater
+than the <A
+HREF="#BrowseInterval"><CODE>BrowseInterval</CODE></A> value.
+Otherwise printers and classes will disappear from client systems
+between updates.</P>
+
+
+<H3 CLASS="title"><A NAME="Browsing">Browsing</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+Browsing On
+Browsing Off
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>Browsing</CODE> directive controls whether or not
+network printer browsing is enabled. The default setting is
+<CODE>On</CODE>.</P>
+
+<P>This directive does not enable sharing of local printers by
+itself; you must also use the <A
+HREF="#BrowseAddress"><CODE>BrowseAddress</CODE></A> or <A
+HREF="#BrowseProtocols"><CODE>BrowseProtocols</CODE></A>
+directives to advertise local printers to other systems.</P>
+
+<BLOCKQUOTE><B>Note:</B>
+
+<P>If you are using HP-UX 10.20 and a subnet that is not 24,
+16, or 8 bits, printer browsing (and in fact all broadcast
+reception) will not work. This problem appears to be fixed in
+HP-UX 11.0.</P>
+
+</BLOCKQUOTE>
+
+
+<H3 CLASS="title"><A NAME="Classification">Classification</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+Classification
+Classification classified
+Classification confidential
+Classification secret
+Classification topsecret
+Classification unclassified
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>Classification</CODE> directive sets the
+classification level on the server. When this option is set, at
+least one of the banner pages is forced to the classification
+level, and the classification is placed on each page of output.
+The default is no classification level.</P>
+
+
+<H3 CLASS="title"><A NAME="ClassifyOverride">ClassifyOverride</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+ClassifyOverride Yes
+ClassifyOverride No
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>ClassifyOverride</CODE> directive specifies whether
+users can override the default classification level on the
+server. When the server classification is set, users can change
+the classification using the <CODE>job-sheets</CODE> option and
+can choose to only print one security banner before or after the
+job. If the <CODE>job-sheets</CODE> option is set to
+<CODE>none</CODE> then the server default classification is
+used.</P>
+
+<P>The default is to not allow classification overrides.</P>
+
+
+<H3 CLASS="title"><A NAME="ConfigFilePerm">ConfigFilePerm</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+ConfigFilePerm 0644
+ConfigFilePerm 0600
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>ConfigFilePerm</CODE> directive specifies the
+permissions to use when writing configuration files. The default
+is 0600.</P>
+
+
+<H3 CLASS="title"><A NAME="DataDir">DataDir</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+DataDir /usr/share/cups
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>DataDir</CODE> directive sets the directory to use
+for data files.</P>
+
+
+<H3 CLASS="title"><A NAME="DefaultCharset">DefaultCharset</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+DefaultCharset utf-8
+DefaultCharset iso-8859-1
+DefaultCharset windows-1251
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>DefaultCharset</CODE> directive sets the default
+character set to use for client connections. The default
+character set is <CODE>utf-8</CODE> but is overridden by the
+character set for the language specified by the client or the
+<CODE>DefaultLanguage</CODE> directive.</P>
+
+
+<H3 CLASS="title"><A NAME="DefaultLanguage">DefaultLanguage</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+DefaultLanguage de
+DefaultLanguage en
+DefaultLanguage es
+DefaultLanguage fr
+DefaultLanguage it
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>DefaultLanguage</CODE> directive specifies the
+default language to use for client connections. Setting the
+default language also sets the default character set if a
+language localization file exists for it. The default language
+is "en" for English.</P>
+
+
+<H3 CLASS="title"><A NAME="Deny">Deny</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+Deny from All
+Deny from None
+Deny from *.domain.com
+Deny from .domain.com
+Deny from host.domain.com
+Deny from nnn.*
+Deny from nnn.nnn.*
+Deny from nnn.nnn.nnn.*
+Deny from nnn.nnn.nnn.nnn
+Deny from nnn.nnn.nnn.nnn/mm
+Deny from nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
+Deny from xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
+Deny from @LOCAL
+Deny from @IF(name)
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>Deny</CODE> directive specifies a hostname, IP
+address, or network that is allowed access to the server.
+<CODE>Deny</CODE> directives are cummulative, so multiple
+<CODE>Deny</CODE> directives can be used to allow access for
+multiple hosts or networks. The <CODE>/mm</CODE> notation
+specifies a CIDR netmask:</P>
+
+<DIV CLASS="table"><TABLE>
+<TR>
+ <TH WIDTH="10%">mm</TH>
+ <TH WIDTH="20%">netmask</TH>
+ <TH WIDTH="10%">mm</TH>
+ <TH WIDTH="20%">netmask</TH>
+</TR>
+<TR>
+ <TD ALIGN="CENTER">0</TD>
+ <TD ALIGN="CENTER">0.0.0.0</TD>
+ <TD ALIGN="CENTER">8</TD>
+ <TD ALIGN="CENTER">255.0.0.0</TD>
+</TR>
+<TR>
+ <TD ALIGN="CENTER">1</TD>
+ <TD ALIGN="CENTER">128.0.0.0</TD>
+ <TD ALIGN="CENTER">16</TD>
+ <TD ALIGN="CENTER">255.255.0.0</TD>
+</TR>
+<TR>
+ <TD ALIGN="CENTER">2</TD>
+ <TD ALIGN="CENTER">192.0.0.0</TD>
+ <TD ALIGN="CENTER">24</TD>
+ <TD ALIGN="CENTER">255.255.255.0</TD>
+</TR>
+<TR>
+ <TD ALIGN="CENTER">...</TD>
+ <TD ALIGN="CENTER">...</TD>
+ <TD ALIGN="CENTER">32</TD>
+ <TD ALIGN="CENTER">255.255.255.255</TD>
+</TR>
+</TABLE></DIV>
+
+<P>The <CODE>@LOCAL</CODE> name will deny access from all local
+interfaces. The <CODE>@IF(name)</CODE> name will deny access from
+the named interface.</P>
+
+<P>The <CODE>Deny</CODE> directive must appear inside a <A
+HREF="#Location"><CODE>Location</CODE></A> directive.</P>
+
+
+<H3 CLASS="title"><A NAME="DocumentRoot">DocumentRoot</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+DocumentRoot /usr/share/doc/cups
+DocumentRoot /foo/bar/doc/cups
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>DocumentRoot</CODE> directive specifies the location
+of web content for the HTTP server in CUPS. If an absolute path
+is not specified then it is assumed to be relative to the <A
+HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The
+default directory is <VAR>/usr/share/doc/cups</VAR>.</P>
+
+<P>Documents are first looked up in a sub-directory for the
+primary language requested by the client (e.g.
+<VAR>/usr/share/doc/cups/fr/...</VAR>) and then directly under
+the <CODE>DocumentRoot</CODE> directory (e.g.
+<VAR>/usr/share/doc/cups/...</VAR>), so it is possible to
+localize the web content by providing subdirectories for each
+language needed.</P>
+
+
+<H3 CLASS="title"><A NAME="Encryption">Encryption</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+Encryption Never
+Encryption IfRequested
+Encryption Required
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>Encryption</CODE> directive must appear instead a <A
+HREF="#Location"><CODE>Location</CODE></A> section and specifies
+the encryption settings for that location. The default setting is
+<CODE>IfRequested</CODE> for all locations.</P>
+
+
+<H3 CLASS="title"><A NAME="ErrorLog">ErrorLog</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+ErrorLog /var/log/cups/error_log
+ErrorLog /var/log/cups/error_log-%s
+ErrorLog syslog
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>ErrorLog</CODE> directive sets the name of the error
+log file. If the filename is not absolute then it is assumed to
+be relative to the <A
+HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The
+default error log file is <VAR>/var/log/cups/error_log</VAR>.</P>
+
+<P>The server name can be included in the filename by using
+<CODE>%s</CODE> in the name.</P>
+
+<P>The special name "syslog" can be used to send the error
+information to the system log instead of a plain file.</P>
+
+
+<H3 CLASS="title"><A NAME="FileDevice">FileDevice</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+FileDevice Yes
+FileDevice No
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>FileDevice</CODE> directive determines whether the
+scheduler allows new printers to be added using device URIs of
+the form <CODE>file:/filename</CODE>. File devices are most often
+used to test new printer drivers and do not support raw file
+printing.</P>
+
+<P>The default setting is <CODE>No</CODE>.</P>
+
+<BLOCKQUOTE><B>Note:</B>
+
+<P>File devices are managed by the scheduler. Since the
+scheduler normally runs as the root user, file devices
+can be used to overwrite system files and potentially
+gain unauthorized access to the system. If you must
+create printers using file devices, we recommend that
+you set the <CODE>FileDevice</CODE> directive to
+<CODE>Yes</CODE> for only as long as you need to add the
+printers to the system, and then reset the directive to
+<CODE>No</CODE>.</P>
+
+</BLOCKQUOTE>
+
+
+<H3 CLASS="title"><A NAME="FilterLimit">FilterLimit</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+FilterLimit 0
+FilterLimit 200
+FilterLimit 1000
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>FilterLimit</CODE> directive sets the maximum cost
+of all running job filters. It can be used to limit the number of
+filter programs that are run on a server to minimize disk,
+memory, and CPU resource problems. A limit of 0 disables filter
+limiting.</P>
+
+<P>An average print to a non-PostScript printer needs a filter
+limit of about 200. A PostScript printer needs about half that
+(100). Setting the limit below these thresholds will effectively
+limit the scheduler to printing a single job at any time.</P>
+
+<P>The default limit is 0.</P>
+
+
+<H3 CLASS="title"><A NAME="FontPath">FontPath</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+FontPath /foo/bar/fonts
+FontPath /usr/share/cups/fonts:/foo/bar/fonts
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>FontPath</CODE> directive specifies the font path to
+use when searching for fonts. The default font path is
+<CODE>/usr/share/cups/fonts</CODE>.</P>
+
+
+<H3 CLASS="title"><A NAME="Group">Group</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+Group nobody
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>Group</CODE> directive specifies the UNIX group that
+filter and CGI programs run as. The default group is
+<CODE>nobody</CODE>.</P>
+
+
+<H3 CLASS="title"><A NAME="HideImplicitMembers">HideImplicitMembers</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+HideImplicitMembers Yes
+HideImplicitMembers No
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>HideImplicitMembers</CODE> directive controls
+whether the individual printers in an implicit class are hidden
+from the user. The default is <CODE>Yes</CODE>.</P>
+
+<P><A HREF="#ImplicitClasses"><CODE>ImplicitClasses</CODE></A>
+must be enabled for this directive to have any effect.</P>
+
+
+<H3 CLASS="title"><A NAME="HostNameLookups">HostNameLookups</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+HostNameLookups On
+HostNameLookups Off
+HostNameLookups Double
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>HostNameLookups</CODE> directive controls whether or
+not CUPS looks up the hostname for connecting clients. The
+<CODE>Double</CODE> setting causes CUPS to verify that the
+hostname resolved from the address matches one of the addresses
+returned for that hostname. <CODE>Double</CODE> lookups also
+prevent clients with unregistered addresses from connecting to
+your server.</P>
+
+<P>The default is <CODE>Off</CODE> to avoid the potential server
+performance problems with hostname lookups. Set this option to
+<CODE>On</CODE> or <CODE>Double</CODE> only if absolutely
+required.</P>
+
+
+<H3 CLASS="title"><A NAME="ImplicitClasses">ImplicitClasses</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+ImplicitClasses On
+ImplicitClasses Off
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>ImplicitClasses</CODE> directive controls whether
+implicit classes are created based upon the available network
+printers and classes. The default setting is <CODE>On</CODE> but
+is automatically turned <CODE>Off</CODE> if <A
+HREF="#Browsing"><CODE>Browsing</CODE></A> is turned
+<CODE>Off</CODE>.</P>
+
+
+<H3 CLASS="title"><A NAME="ImplicitAnyClasses">ImplicitAnyClasses</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+ImplicitAnyClasses On
+ImplicitAnyClasses Off
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>ImplicitAnyClasses</CODE> directive controls
+whether implicit classes for local and remote printers are
+created with the name <CODE>AnyPrinter</CODE>. The default
+setting is <CODE>Off</CODE>.</P>
+
+<P><A HREF="#ImplicitClasses"><CODE>ImplicitClasses</CODE></A>
+must be enabled for this directive to have any effect.</P>
+
+
+<H3 CLASS="title"><A NAME="Include">Include</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+Include filename
+Include /foo/bar/filename
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>Include</CODE> directive includes the named file in
+the <CODE>cupsd.conf</CODE> file. If no leading path is provided,
+the file is assumed to be relative to the <A
+HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory.</P>
+
+
+<H3 CLASS="title"><A NAME="KeepAlive">KeepAlive</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+KeepAlive On
+KeepAlive Off
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>KeepAlive</CODE> directive controls whether or not
+to support persistent HTTP connections. The default is
+<CODE>On</CODE>.</P>
+
+<P>HTTP/1.1 clients automatically support persistent connections,
+while HTTP/1.0 clients must specifically request them using the
+<CODE>Keep-Alive</CODE> attribute in the <CODE>Connection:</CODE>
+field of each request.</P>
+
+
+<H3 CLASS="title"><A NAME="KeepAliveTimeout">KeepAliveTimeout</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+KeepAliveTimeout 60
+KeepAliveTimeout 30
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>KeepAliveTimeout</CODE> directive controls how long
+a persistent HTTP connection will remain open after the last
+request. The default is 60 seconds.</P>
+
+
+<H3 CLASS="title"><A NAME="Limit">Limit</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+<Limit GET POST>
+...
+</Limit>
+
+<Limit ALL>
+...
+</Limit>
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>Limit</CODE> directive groups access control
+directives for specific types of HTTP requests and must appear
+inside a <A HREF="#Location"><CODE>Location</CODE></A> section.
+Access can be limited for individual request types
+(<CODE>DELETE</CODE>, <CODE>GET</CODE>, <CODE>HEAD</CODE>,
+<CODE>OPTIONS</CODE>, <CODE>POST</CODE>, <CODE>PUT</CODE>, and
+<CODE>TRACE</CODE>) or for all request types (<CODE>ALL</CODE>).
+The request type names are case-sensitive for compatibility with
+Apache.</P>
+
+
+<H3 CLASS="title"><A NAME="LimitExcept">LimitExcept</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+<LimitExcept GET POST>
+...
+</LimitExcept>
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>LimitExcept</CODE> directive groups access control
+directives for specific types of HTTP requests and must appear
+inside a <A HREF="#Location"><CODE>Location</CODE></A> section.
+Unlike the <A HREF="#Limit"><CODE>Limit</CODE></A> directive,
+<CODE>LimitExcept</CODE> restricts access for all requests
+<I>except</I> those listed on the <CODE>LimitExcept</CODE>
+line.</P>
+
+
+<H3 CLASS="title"><A NAME="LimitRequestBody">LimitRequestBody</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+LimitRequestBody 10485760
+LimitRequestBody 10m
+LimitRequestBody 0
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>LimitRequestBody</CODE> directive controls the
+maximum size of print files, IPP requests, and HTML form data in
+HTTP POST requests. The default limit is 0 which disables the
+limit check.</P>
+
+
+<H3 CLASS="title"><A NAME="Listen">Listen</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+Listen 127.0.0.1:631
+Listen 192.0.2.1:631
+Listen [::1]:631
+Listen *:631
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>Listen</CODE> directive specifies a network address
+and port to listen for connections. Multiple <CODE>Listen</CODE>
+directives can be provided to listen on multiple addresses.</P>
+
+<P>The <CODE>Listen</CODE> directive is similar to the <A
+HREF="#Port"><CODE>Port</CODE></A> directive but allows you to
+restrict access to specific interfaces or networks.</P>
+
+
+<H3 CLASS="title"><A NAME="Location">Location</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+<Location />
+...
+</Location>
+
+<Location /admin>
+...
+</Location>
+
+<Location /admin/conf>
+...
+</Location>
+
+<Location /admin/log>
+...
+</Location>
+
+<Location /classes>
+...
+</Location>
+
+<Location /classes/name>
+...
+</Location>
+
+<Location /jobs>
+...
+</Location>
+
+<Location /printers>
+...
+</Location>
+
+<Location /printers/name>
+...
+</Location>
+
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>Location</CODE> directive specifies access control
+and authentication options for the specified HTTP resource or
+path. The <A HREF="#Allow"><CODE>Allow</CODE></A>, <A
+HREF="#AuthType"><CODE>AuthType</CODE></A>, <A
+HREF="#Deny"><CODE>Deny</CODE></A>, <A
+HREF="#Encryption"><CODE>Encryption</CODE></A>, <A
+HREF="#Limit"><CODE>Limit</CODE></A>, <A
+HREF="#LimitExcept"><CODE>LimitExcept</CODE></A>, <A
+HREF="#Order"><CODE>Order</CODE></A>, <A
+HREF="#Require"><CODE>Require</CODE></A>, and <A
+HREF="#Satisfy"><CODE>Satisfy</CODE></A> directives may all
+appear inside a location.</P>
+
+<P>Note that more specific resources override the less specific
+ones. So the directives inside the <CODE>/printers/name</CODE>
+location will override ones from <CODE>/printers</CODE>.
+Directives inside <CODE>/printers</CODE> will override ones from
+<CODE>/</CODE>. None of the directives are inherited.</P>
+
+<DIV CLASS="table"><TABLE>
+<CAPTION>Common Locations on the Server</CAPTION>
+<TR><TH>Location</TH><TH>Description</TH></TR>
+<TR><TD><CODE>/</CODE></TD><TD>The path for all get operations (get-printers, get-jobs, etc.)</TD></TR>
+<TR><TD><CODE>/admin</CODE></TD><TD>The path for all administration operations (add-printer, delete-printer, start-printer, etc.)</TD></TR>
+<TR><TD><CODE>/admin/conf</CODE></TD><TD>The path for access to the CUPS configuration files (cupsd.conf, client.conf, etc.)</TD></TR>
+<TR><TD><CODE>/admin/log</CODE></TD><TD>The path for access to the CUPS log files (access_log, error_log, page_log)</TD></TR>
+<TR><TD><CODE>/classes</CODE></TD><TD>The path for all classes</TD></TR>
+<TR><TD><CODE>/classes/name</CODE></TD><TD>The resource for class <CODE>name</CODE></TD></TR>
+<TR><TD><CODE>/jobs</CODE></TD><TD>The path for all jobs (hold-job, release-job, etc.)</TD></TR>
+<TR><TD><CODE>/jobs/id</CODE></TD><TD>The resource for job <CODE>id</CODE></TD></TR>
+<TR><TD><CODE>/printers</CODE></TD><TD>The path for all printers</TD></TR>
+<TR><TD><CODE>/printers/name</CODE></TD><TD>The path for printer <CODE>name</CODE></TD></TR>
+<TR><TD><CODE>/printers/name.ppd</CODE></TD><TD>The PPD file path for printer <CODE>name</CODE></TD></TR>
+</TABLE></DIV>
+
+
+<H3 CLASS="title"><A NAME="LogFilePerm">LogFilePerm</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+LogFilePerm 0644
+LogFilePerm 0600
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>LogFilePerm</CODE> directive specifies the
+permissions to use when writing configuration files. The default
+is 0644.</P>
+
+
+<H3 CLASS="title"><A NAME="LogLevel">LogLevel</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+LogLevel none
+LogLevel emerg
+LogLevel alert
+LogLevel crit
+LogLevel error
+LogLevel warn
+LogLevel notice
+LogLevel info
+LogLevel debug
+LogLevel debug2
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>LogLevel</CODE> directive specifies the level of
+logging for the <A HREF="#ErrorLog"><CODE>ErrorLog</CODE></A>
+file. The following values are recognized (each level logs
+everything under the preceding levels):</P>
+
+<UL>
+
+ <LI><CODE>none</CODE> - Log nothing</LI>
+
+ <LI><CODE>emerg</CODE> - Log emergency conditions that
+ prevent the server from running</LI>
+
+ <LI><CODE>alert</CODE> - Log alerts that must be handled
+ immediately</LI>
+
+ <LI><CODE>crit</CODE> - Log critical errors that don't
+ prevent the server from running</LI>
+
+ <LI><CODE>error</CODE> - Log general errors</LI>
+
+ <LI><CODE>warn</CODE> - Log errors and warnings</LI>
+
+ <LI><CODE>notice</CODE> - Log temporary error conditions</LI>
+
+ <LI><CODE>info</CODE> - Log all requests and state
+ changes (default)</LI>
+
+ <LI><CODE>debug</CODE> - Log basic debugging
+ information</LI>
+
+ <LI><CODE>debug2</CODE> - Log all debugging
+ information</LI>
+
+</UL>
+
+
+<H3 CLASS="title"><A NAME="MaxClients">MaxClients</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+MaxClients 100
+MaxClients 1024
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>MaxClients</CODE> directive controls the maximum
+number of simultaneous clients that will be allowed by the
+server. The default is 100 clients.</P>
+
+<BLOCKQUOTE><B>Note:</B>
+
+<P>Since each print job requires a file descriptor for the status
+pipe, the scheduler internally limits the <CODE>MaxClients</CODE>
+value to 1/3 of the available file descriptors to avoid possible
+problems when printing large numbers of jobs.</P>
+
+</BLOCKQUOTE>
+
+
+<H3 CLASS="title"><A NAME="MaxClientsPerHost">MaxClientsPerHost</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+MaxClientsPerHost 10
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>MaxClientsPerHost</CODE> directive controls the
+maximum number of simultaneous clients that will be allowed from
+a single host by the server. The default is the
+<CODE>MaxClients</CODE> value.</P>
+
+<P>This directive provides a small measure of protection against
+Denial of Service attacks from a single host.</P>
+
+
+<H3 CLASS="title"><A NAME="MaxCopies">MaxCopies</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+MaxCopies 100
+MaxCopies 65535
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>MaxCopies</CODE> directive controls the maximum
+number of copies that a user can print of a job. The default is
+100 copies.</P>
+
+<BLOCKQUOTE><B>Note:</B>
+
+<P>Most HP PCL laser printers internally limit the number of
+copies to 100.</P>
+
+</BLOCKQUOTE>
+
+
+
+<H3 CLASS="title"><A NAME="MaxJobs">MaxJobs</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+MaxJobs 100
+MaxJobs 9999
+MaxJobs 0
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>MaxJobs</CODE> directive controls the maximum number
+of jobs that are kept in memory. Once the number of jobs reaches
+the limit, the oldest completed job is automatically purged from
+the system to make room for the new one. If all of the known jobs
+are still pending or active then the new job will be
+rejected.</P>
+
+<P>Setting the maximum size to 0 disables this functionality. The
+default setting is 0.</P>
+
+
+<H3 CLASS="title"><A NAME="MaxJobsPerPrinter">MaxJobsPerPrinter</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+MaxJobsPerPrinter 100
+MaxJobsPerPrinter 9999
+MaxJobsPerPrinter 0
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>MaxJobsPerPrinter</CODE> directive controls the
+maximum number of active jobs that are allowed for each printer
+or class. Once a printer or class reaches the limit, new jobs
+will be rejected until one of the active jobs is completed,
+stopped, aborted, or canceled.</P>
+
+<P>Setting the maximum to 0 disables this functionality. The
+default setting is 0.</P>
+
+
+<H3 CLASS="title"><A NAME="MaxJobsPerUser">MaxJobsPerUser</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+MaxJobsPerUser 100
+MaxJobsPerUser 9999
+MaxJobsPerUser 0
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>MaxJobsPerUser</CODE> directive controls the maximum
+number of active jobs that are allowed for each user. Once a user
+reaches the limit, new jobs will be rejected until one of the
+active jobs is completed, stopped, aborted, or canceled.</P>
+
+<P>Setting the maximum to 0 disables this functionality. The
+default setting is 0.</P>
+
+
+<H3 CLASS="title"><A NAME="MaxLogSize">MaxLogSize</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+MaxLogSize 1048576
+MaxLogSize 1m
+MaxLogSize 0
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>MaxLogSize</CODE> directive controls the maximum
+size of each log file. Once a log file reaches or exceeds the
+maximum size it is closed and renamed to <VAR>filename.O</VAR>.
+This allows you to rotate the logs automatically. The default
+size is 1048576 bytes (1MB).</P>
+
+<P>Setting the maximum size to 0 disables log rotation.</P>
+
+
+<H3 CLASS="title"><SPAN CLASS="info">Deprecated</SPAN><A NAME="MaxRequestSize">MaxRequestSize</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+MaxRequestSize 10485760
+MaxRequestSize 10m
+MaxRequestSize 0
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>MaxRequestSize</CODE> directive controls the maximum
+size of print files, IPP requests, and HTML form data in HTTP
+POST requests. The default limit is 0 which disables the limit
+check.</P>
+
+<P><B>This directive is deprecated and will be replaced in a
+future CUPS release.</B> Use the <A
+HREF="#LimitRequestBody"><CODE>LimitRequestBody</CODE></A>
+directive instead.</P>
+
+
+<H3 CLASS="title"><A NAME="Order">Order</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+Order Allow,Deny
+Order Deny,Allow
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>Order</CODE> directive defines the default access
+control. The following values are supported:</P>
+
+<UL>
+
+ <LI><CODE>allow,deny</CODE> - Deny requests by default,
+ then check the <A HREF="#Allow"><CODE>Allow</CODE></A>
+ lines followed by the <A
+ HREF="#Deny"><CODE>Deny</CODE></A> lines</LI>
+
+ <LI><CODE>deny,allow</CODE> - Allow requests by default,
+ then check the <A HREF="#Deny"><CODE>Deny</CODE></A>
+ lines followed by the <A
+ HREF="#Allow"><CODE>Allow</CODE></A> lines</LI>
+
+</UL>
+
+<P>The <CODE>Order</CODE> directive must appear inside a <A
+HREF="#Location"><CODE>Location</CODE></A> directive.</P>
+
+
+<H3 CLASS="title"><A NAME="PageLog">PageLog</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+PageLog /var/log/cups/page_log
+PageLog /var/log/cups/page_log-%s
+PageLog syslog
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>PageLog</CODE> directive sets the name of the page
+log file. If the filename is not absolute then it is assumed to
+be relative to the <A
+HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The
+default page log file is <VAR>/var/log/cups/page_log</VAR>.</P>
+
+<P>The server name can be included in the filename by using
+<CODE>%s</CODE> in the name.</P>
+
+<P>The special name "syslog" can be used to send the page
+information to the system log instead of a plain file.</P>
+
+
+<H3 CLASS="title"><A NAME="Port">Port</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+Port 631
+Port 80
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>Port</CODE> directive specifies a port to listen on.
+Multiple <CODE>Port</CODE> lines can be specified to listen on
+multiple ports. The <CODE>Port</CODE> directive is equivalent to
+"<CODE>Listen *:nnn</CODE>". The default port is 631.</P>
+
+<BLOCKQUOTE><B>Note:</B>
+
+<P>On systems that support IPv6, this directive will bind to both
+the IPv4 and IPv6 wildcard address.</P>
+
+</BLOCKQUOTE>
+
+
+<H3 CLASS="title"><A NAME="PreserveJobHistory">PreserveJobHistory</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+PreserveJobHistory On
+PreserveJobHistory Off
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>PreserveJobHistory</CODE> directive controls whether
+the history of completed, canceled, or aborted print jobs is
+stored on disk.</P>
+
+<P>A value of <CODE>On</CODE> (the default) preserves job
+information until the administrator purges it with the
+<CODE>cancel</CODE> command.</P>
+
+<P>A value of <CODE>Off</CODE> removes the job information as
+soon as each job is completed, canceled, or aborted.</P>
+
+
+<H3 CLASS="title"><A NAME="PreserveJobFiles">PreserveJobFiles</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+PreserveJobFiles On
+PreserveJobFiles Off
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>PreserveJobFiles</CODE> directive controls whether
+the document files of completed, canceled, or aborted print jobs
+are stored on disk.</P>
+
+<P>A value of <CODE>On</CODE> preserves job files until the
+administrator purges them with the <CODE>cancel</CODE> command.
+Jobs can be restarted (and reprinted) as desired until they are
+purged.</P>
+
+<P>A value of <CODE>Off</CODE> (the default) removes the job
+files as soon as each job is completed, canceled, or aborted.</P>
+
+
+<H3 CLASS="title"><A NAME="Printcap">Printcap</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+Printcap
+Printcap /etc/printcap
+Printcap /etc/printers.conf
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>Printcap</CODE> directive controls whether or not a
+printcap file is automatically generated and updated with a list
+of available printers. If specified with no value, then no
+printcap file will be generated. The default is to generate a
+file named <VAR>/etc/printcap</VAR>.</P>
+
+<P>When a filename is specified (e.g. <VAR>/etc/printcap</VAR>),
+the printcap file is written whenever a printer is added or
+removed. The printcap file can then be used by applications that
+are hardcoded to look at the printcap file for the available
+printers.</P>
+
+
+<H3 CLASS="title"><A NAME="PrintcapFormat">PrintcapFormat</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+PrintcapFormat BSD
+PrintcapFormat Solaris
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>PrintcapFormat</CODE> directive controls the output
+format of the printcap file. The default is to generate a BSD
+printcap file.</P>
+
+
+<H3 CLASS="title"><A NAME="RemoteRoot">RemoteRoot</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+RemoteRoot remroot
+RemoteRoot root
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>RemoteRoot</CODE> directive sets the username for
+unauthenticated root requests from remote hosts. The default
+username is <VAR>remroot</VAR>. Setting <CODE>RemoteRoot</CODE>
+to <VAR>root</VAR> effectively disables this security
+mechanism.</P>
+
+
+<H3 CLASS="title"><A NAME="RequestRoot">RequestRoot</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+RequestRoot /var/spool/cups
+RequestRoot /foo/bar/spool/cups
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>RequestRoot</CODE> directive sets the directory for
+incoming IPP requests and HTML forms. If an absolute path is not
+provided then it is assumed to be relative to the <A
+HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The
+default request directory is <VAR>/var/spool/cups</VAR>.</P>
+
+
+<H3 CLASS="title"><A NAME="Require">Require</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+Require group foo bar
+Require user john mary
+Require valid-user
+Require user @groupname
+Require user @SYSTEM
+Require user @OWNER
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>Require</CODE> directive specifies that
+authentication is required for the resource. The
+<CODE>group</CODE> keyword specifies that the authenticated user
+must be a member of one or more of the named groups that
+follow.</P>
+
+<P>The <CODE>user</CODE> keyboard specifies that the
+authenticated user must be one of the named users or groups that
+follow. Group names are specified using the "@" prefix.</P>
+
+<P>The <CODE>valid-user</CODE> keyword specifies that any
+authenticated user may access the resource.</P>
+
+<P>The default is to do no authentication. This directive must
+appear inside a <A HREF="#Location"><CODE>Location</CODE></A>
+directive.</P>
+
+
+<H3 CLASS="title"><A NAME="RIPCache">RIPCache</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+RIPCache 8m
+RIPCache 1g
+RIPCache 2048k
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>RIPCache</CODE> directive sets the size of the
+memory cache used by Raster Image Processor ("RIP") filters such
+as <CODE>imagetoraster</CODE> and <CODE>pstoraster</CODE>. The
+size can be suffixed with a "k" for kilobytes, "m" for megabytes,
+or "g" for gigabytes. The default cache size is "8m", or 8
+megabytes.</P>
+
+
+<H3 CLASS="title"><A NAME="Satisfy">Satisfy</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+Satisfy all
+Satisfy any
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>Satisfy</CODE> directive specifies whether all
+conditions must be satisfied to allow access to the resource. If
+set to <CODE>all</CODE>, then all authentication and access
+control conditions must be satified to allow access.</P>
+
+<P>Setting <CODE>Satisfy</CODE> to <CODE>any</CODE> allows a user
+to gain access if the authentication or access control
+requirements are satisfied. For example, you might require
+authentication for remote access, but allow local access without
+authentication.</P>
+
+<P>The default is <CODE>all</CODE>. This directive must appear
+inside a <A HREF="#Location"><CODE>Location</CODE></A>
+directive.</P>
+
+
+<H3 CLASS="title"><A NAME="ServerAdmin">ServerAdmin</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+ServerAdmin user@host
+ServerAdmin root@foo.bar.com
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>ServerAdmin</CODE> directive identifies the email
+address for the administrator on the system. By default the
+administrator email address is <CODE>root@server</CODE>, where
+<CODE>server</CODE> is the server name.</P>
+
+
+<H3 CLASS="title"><A NAME="ServerBin">ServerBin</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+ServerBin /usr/lib/cups
+ServerBin /foo/bar/lib/cups
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>ServerBin</CODE> directive sets the directory for
+server-run executables. If an absolute path is not provided then
+it is assumed to be relative to the <A
+HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The
+default executable directory is <VAR>/usr/lib/cups</VAR> or
+<VAR>/usr/lib32/cups</VAR> (IRIX 6.5).</P>
+
+
+<H3 CLASS="title"><A NAME="ServerCertificate">ServerCertificate</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+ServerCertificate /etc/cups/ssl/server.crt
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>ServerCertificate</CODE> directive specifies the
+location of the SSL certificate file used by the server when
+negotiating encrypted connections. The certificate must not be
+encrypted (password protected) since the scheduler normally runs
+in the background and will be unable to ask for a password.</P>
+
+<P>The default certificate file is
+<VAR>/etc/cups/ssl/server.crt</VAR>.</P>
+
+
+<H3 CLASS="title"><A NAME="ServerKey">ServerKey</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+ServerKey /etc/cups/ssl/server.key
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>ServerKey</CODE> directive specifies the location of
+the SSL private key file used by the server when negotiating
+encrypted connections.</P>
+
+<P>The default key file is
+<VAR>/etc/cups/ssl/server.crt</VAR>.</P>
+
+
+<H3 CLASS="title"><A NAME="ServerName"></A>ServerName</H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+ServerName foo.domain.com
+ServerName myserver.domain.com
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>ServerName</CODE> directive specifies the hostname
+that is reported to clients. By default the server name is the
+hostname.</P>
+
+
+<H3 CLASS="title"><A NAME="ServerRoot">ServerRoot</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+ServerRoot /etc/cups
+ServerRoot /foo/bar/cups
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>ServerRoot</CODE> directive specifies the absolute
+path to the server configuration and state files. It is also used
+to resolve relative paths in the <VAR>cupsd.conf</VAR> file. The
+default server directory is <VAR>/etc/cups</VAR>.</P>
+
+
+<H3 CLASS="title"><A NAME="SSLListen">SSLListen</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+SSLListen 127.0.0.1:443
+SSLListen 192.0.2.1:443
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>SSLListen</CODE> directive specifies a network
+address and port to listen for secure connections. Multiple
+<CODE>SSLListen</CODE> directives can be provided to listen on
+multiple addresses.</P>
+
+<P>The <CODE>SSLListen</CODE> directive is similar to the <A
+HREF="#SSLPort"><CODE>SSLPort</CODE></A> directive but allows you
+to restrict access to specific interfaces or networks.</P>
+
+
+<H3 CLASS="title"><A NAME="SSLPort">SSLPort</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+SSLPort 443
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>SSLPort</CODE> directive specifies a port to listen
+on for secure connections. Multiple <CODE>SSLPort</CODE> lines
+can be specified to listen on multiple ports.</P>
+
+
+<H3 CLASS="title"><A NAME="SystemGroup">SystemGroup</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+SystemGroup lpadmin
+SystemGroup sys
+SystemGroup system
+SystemGroup root
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>SystemGroup</CODE> directive specifies the system
+administration group for <CODE>System</CODE> authentication.</P>
+
+
+<H3 CLASS="title"><A NAME="TempDir">TempDir</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+TempDir /var/tmp
+TempDir /foo/bar/tmp
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>TempDir</CODE> directive specifies an absolute path
+for the directory to use for temporary files. The default
+directory is <VAR>/var/spool/cups/tmp</VAR>.</P>
+
+<P>Temporary directories must be world-writable and should have
+the "sticky" permission bit enabled so that other users cannot
+delete filter temporary files. The following commands will create
+an appropriate temporary directory called
+<VAR>/foo/bar/tmp</VAR>:</P>
+
+<PRE CLASS="command">
+<KBD>mkdir /foo/bar/tmp</KBD>
+<KBD>chmod a+rwxt /foo/bar/tmp</KBD>
+</PRE>
+
+
+<H3 CLASS="title"><A NAME="Timeout">Timeout</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+Timeout 300
+Timeout 90
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>Timeout</CODE> directive controls the amount of time
+to wait before an active HTTP or IPP request times out. The
+default timeout is 300 seconds.</P>
+
+
+<H3 CLASS="title"><A NAME="User">User</A></H3>
+
+<H4>Examples</H4>
+
+<PRE CLASS="command">
+User lp
+User guest
+</PRE>
+
+<H4>Description</H4>
+
+<P>The <CODE>User</CODE> directive specifies the UNIX user that
+filter and CGI programs run as. The default user is
+<CODE>lp</CODE>.</P>
+
+<BLOCKQUOTE><B>Note:</B>
+
+<P>You may not use user <CODE>root</CODE>, as that would expose
+the system to unacceptable security risks. The scheduler will
+automatically choose user <CODE>nobody</CODE> if you specify a
+user whose ID is 0.</P>
+
+</BLOCKQUOTE>
+
+
+</BODY>
+</HTML>
projects / thirdparty / cups.git / blobdiff