[Mailman-Users] Root URL / vs /listinfo?
Mark Sapiro
mark at msapiro.net
Tue Dec 13 20:06:11 EST 2016
On 12/12/2016 02:39 PM, Caesar Samsi wrote:
> When you go to http://mail.mydomain.com/, where do you wind up? I.e.,
> whats the URL in the address bar of your browser, and is the resultant
> page an actual page or a 404?
>
> I end up at https://mail.mydomain.com/listinfo
Which is correct, right?
> What happens if you go to https://mail.mydomain.com/?
>
> I end up at https://mail.mydomain.com/
And you want to end up at https://mail.mydomain.com/listinfo, right.
The probable answer to that is you are doing the redirect from
http://mail.mydomain.com/ to http://mail.mydomain.com/listinfo before
the redirect from http to https.
See below.
> In /etc/apache2/sites-available I have mailman.con which contains a number of redirects as follows:
>
> <VirtualHost *:80>
> ServerName mydomain.us
> ServerAdmin gigs at amydomain.com
> Redirect / https://mydomain.us/
> </VirtualHost>
So going to http://mydomain.us/... will redirect to https://mydomain.us/...
> <VirtualHost *:80>
> ServerName www.mydomain.us
> ServerAdmin gigs at amydomain.com
> Redirect / https://mail.mydomain.us/
> </VirtualHost>
And going to http://www.mydomain.us/... will redirect to
https://mail.mydomain.us/...
> <VirtualHost *:80>
> ServerName mail.mydomain.us
> ServerAdmin gigs at mydomain.com
> Redirect / https://mail.mydomain.us
And going to http://mail.mydomain.us/... will redirect to
https://mail.mydomain.us/...
> ErrorLog /var/log/apache2/mailman-error.log
> CustomLog /var/log/apache2/mailman-access.log combined
>
> <Directory /var/lib/cgi-bin/mailman>
> Options FollowSymLinks
> AllowOverride All
> Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
> Require all granted
> </Directory>
>
> </VirtualHost>
>
> and aliases as follows:
>
> Alias /AUP /var/www/html/AUP
> Alias /pipermail/ /var/lib/mailman/archives/public/
> Alias /postfixadmin /var/www/html/postfixadmin
> Alias /roundcube /var/www/html/roundcube
> Alias /images/mailman/ /usr/share/images/mailman/
> ScriptAlias /admin /usr/lib/cgi-bin/mailman/admin
> ScriptAlias /admindb /usr/lib/cgi-bin/mailman/admindb
> ScriptAlias /confirm /usr/lib/cgi-bin/mailman/confirm
> ScriptAlias /create /usr/lib/cgi-bin/mailman/create
> ScriptAlias /edithtml /usr/lib/cgi-bin/mailman/edithtml
> ScriptAlias /listinfo /usr/lib/cgi-bin/mailman/listinfo
> ScriptAlias /options /usr/lib/cgi-bin/mailman/options
> ScriptAlias /private /usr/lib/cgi-bin/mailman/private
> ScriptAlias /rmlist /usr/lib/cgi-bin/mailman/rmlist
> ScriptAlias /roster /usr/lib/cgi-bin/mailman/roster
> ScriptAlias /subscribe /usr/lib/cgi-bin/mailman/subscribe
> ScriptAlias /mailman/ /usr/lib/cgi-bin/mailman/
> ScriptAlias / /usr/lib/cgi-bin/mailman/listinfo
So it appears you are relying on
ScriptAlias / /usr/lib/cgi-bin/mailman/listinfo
to get to the listinfo page from an http(s)://host/ url. Aside from the
fact that this isn't a redirect which would explain why when you go to
https://mail.mydomain.com/ the address you wind up at is still
https://mail.mydomain.com/ (but is it in fact the listinfo page?), it
seems very bad because it means that going to any URL like
http(s)://host/something, where 'something' is anything that doesn't
match one of the preceding Alias or ScripAlias directives will invoke
the script /usr/lib/cgi-bin/mailman/listinfosomething that doesn't
exist, and even if you made it
ScriptAlias / /usr/lib/cgi-bin/mailman/listinfo/
It would still invoke the script
/usr/lib/cgi-bin/mailman/listinfo/something which will probably give a
"No such list something" error on the returned listinfo page with
http(s)://host/something still in the browser's address bar.
Further, this doesn't explain how http://mail.mydomain.com/ redirects to
http://mail.mydomain.com/listinfo before redirecting to https.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list