[Mailman-Users] https for admin pages only question
Michael Dunston
mdunston at music.vt.edu
Mon Mar 10 09:44:01 CET 2003
Can the links and form-actions for admin pages be reset to https without
affecting the regular list (subscribers) links? I have set apache to
redirect all '/mailman/admin/' and '/mailman/admindb/' requests to the
SSL site; but all of the built-in admin links and form actions on those
pages still point to "http://." So while the apache redirects do work,
this causes the "you are leaving a secure site" and "you are entering a
secure site" message every time a link is clicked or form submitted.
The DEFAULT_URL_PATTERN = 'http://%s/mailman/' parameter seems to control
this behavior; is there a way to set something like 'https://%s/mailman/
admin/' in addition so that just the admin pages are populated with https
instead of http?
I found something similar in the archives which mentions 'what' to do,
but no description of 'how' to do it:
>From: Vivek Khera
>
>If you redirect a POST using mod_redirect, you lose the data. The
>workaround is to capture the POST data from the original request,
>convert it to a GET and redirect to that. But then if you're sending
>the first request in the clear, what exactly do you gain by
>redirecting to SSL after all the info just went by cleartext?
>
>You need to fix it up so that the page is submitted *directly* to the
>SSL secured URL.
Thanks in advance for any suggestions.
.. . . . . . . . . . .
Michael Dunston
Music and Technology
http://www.music.vt.edu
Virginia Tech School of the Arts
More information about the Mailman-Users
mailing list