[Mailman-Users] Web Admin Security Question

Mark Sapiro mark at msapiro.net
Tue May 22 20:25:49 CEST 2012


Dennis Putnam wrote:
>
>I assume you mean the entire mailman site as opposed to the entire web
>site.


No. I meant the entire web site. Just because you put something in
/etc/httpd/conf.d/mailman.conf doesn't make it magically just apply to
Mailman. It depends on where in httpd.conf that file is included.

In a normal CentOS distro, the

Include conf.d/*.conf

directive is in the Global Environment section of httpd.conf and thus
anything in any of the included files affects or at least sets a
default for the entire site.

If you want to force https only for Mailman CGIs, your rewrite rule
should be something like

RewriteRule ^/mailman(/.*)  https://%{HTTP_HOST}/mailman$1   [L,R]

If you want to include forced https for public archive access (why
would you?), maybe something like

RewriteRule ^/pipermail(/.*)  https://%{HTTP_HOST}/pipermail$1   [R]
RewriteRule ^/mailman(/.*)  https://%{HTTP_HOST}/mailman$1   [L,R]

or

RewriteRule ^/(mailman|pipermail)(/.*) https://%{HTTP_HOST}/$1$2 [L,R]

would be appropriate.


>Yes, that is what I want. Yes, it SHOULD work but doesn't. The
>main problem is that there are no errors anywhere I can find and I have
>no idea how to debug this.


Have you looked in all the httpd logs (/var/log/httpd/*log)?

What actually happens when you go to
<http://www.example.com/mailman/admin/>?

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
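
Added example, not part of the original message or of Mailman's shipped configuration: the combined rule from the post placed inside the plain-HTTP virtual host, so that it applies only to the Mailman and pipermail URLs and cannot loop once the request is already on HTTPS. The ServerName and the port 80/443 virtual host layout are assumptions.

```apache
# Added example. ServerName and the two-vhost layout are assumptions,
# not taken from the poster's actual httpd.conf.

<VirtualHost *:80>
    ServerName www.example.com

    # mod_rewrite has to be enabled in the context that holds the rules.
    RewriteEngine On

    # Guard: only redirect requests that arrived without TLS. Redundant
    # inside a port-80 vhost, but it prevents a redirect loop if these
    # lines are ever moved to a context that also serves HTTPS.
    RewriteCond %{HTTPS} !=on

    # Mailman CGIs and public archives, as in the combined rule above.
    # Requires a slash after the prefix, so /mailman alone is not matched.
    RewriteRule ^/(mailman|pipermail)(/.*) https://%{HTTP_HOST}/$1$2 [L,R]

    # Rewrite tracing while debugging (remove afterwards):
    #   Apache 2.2:  RewriteLog /var/log/httpd/rewrite.log
    #                RewriteLogLevel 3
    #   Apache 2.4:  LogLevel warn rewrite:trace3
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    # SSLCertificateFile / SSLCertificateKeyFile as already configured.
    # No rewrite rules here, so HTTPS requests are served directly.
</VirtualHost>
```

With tracing enabled, each request to /mailman/admin/ logs which pattern was tested and whether it matched, which answers the "no errors anywhere" problem without guessing.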


