[Mailman-Users] List marked private, still accessible from web?
Richard Barrett
r.barrett at openinfo.co.uk
Thu May 11 00:58:13 CEST 2006
On 10 May 2006, at 23:29, Michael Urashka wrote:
>>> Additionally, going
>>> to the Mailman-run web site for one of the mailing lists (the page
>>> people can subscribe from or view the archives, etc), when one
>>> clicks
>>> one the Archives, one isn't prompted
>>> for authentication and just gets the /mailman/private/list
>>> archive pages
>>> (listed by month: thread/author/subject/date) and one is able to
>>> click
>>> and read the archives.
>>
>> Most likely because you previously authorized as the list admin (or a
>> list member) during that browser session and still have the
>> authorization cookie.
>>
>> Making the archive private should do it.
>
> This indeed seemed to be the case! Two systems we had been
> accessing the
> lists from both had the authentication cookie. Deleting all cookies
> and
> trying to access the :
>
> http://www.somewebsite.com/mailman/private/somelist
>
> Now prompts for email address and password. Many thanks.
>
> ###
>
> One last current issue though. Currently going directly to a page
> like this still lets me in after deleting cookies of course.
>
> http://www.somesite.com/pipermail/somelist/2005-October/000003.html
>
> But these pages give a 'Forbidden' error:
>
> http://www.somesite.com/pipermail/
> http://www.somesite.com/pipermail/somelist/
> http://www.somesite.com/pipermail/somelist/2005-October/
>
> Looking in Apache's httpd.conf there's an alias for pipermail into:
>
> Alias /pipermail/ "/usr/local/mailman/archives/private/"
>
This should probably read:
Alias /pipermail/ "/usr/local/mailman/archives/public/"
> Will changing this (or commenting it out) likely break access to any
> of the public lists on the same server? Having inherited these mailing
> lists and mailman and web server, I'm uncertain exactly how things
> were
> set up and should be.
>
> Or should I just put a .htaccess file (or directive in httpd.conf)
> in the
> /usr/local/mailman/archives/private/ directory?
>
> --
> Michael
More information about the Mailman-Users
mailing list