On 10 May 2006, at 23:29, Michael Urashka wrote: >>> Additionally, going >>> to the Mailman-run web site for one of the mailing lists (the page >>> people can subscribe from or view the archives, etc), when one >>> clicks >>> one the Archives, one isn't prompted >>> for authentication and just gets the /mailman/private/list >>> archive pages >>> (listed by month: thread/author/subject/date) and one is able to >>> click >>> and read the archives. >> >> Most likely because you previously authorized as the list admin (or a >> list member) during that browser session and still have the >> authorization cookie. >> >> Making the archive private should do it. > > This indeed seemed to be the case! Two systems we had been > accessing the > lists from both had the authentication cookie. Deleting all cookies > and > trying to access the : > > http://www.somewebsite.com/mailman/private/somelist > > Now prompts for email address and password. Many thanks. > > ### > > One last current issue though. Currently going directly to a page > like this still lets me in after deleting cookies of course. > > http://www.somesite.com/pipermail/somelist/2005-October/000003.html > > But these pages give a 'Forbidden' error: > > http://www.somesite.com/pipermail/ > http://www.somesite.com/pipermail/somelist/ > http://www.somesite.com/pipermail/somelist/2005-October/ > > Looking in Apache's httpd.conf there's an alias for pipermail into: > > Alias /pipermail/ "/usr/local/mailman/archives/private/" >
This should probably read: Alias /pipermail/ "/usr/local/mailman/archives/public/" > Will changing this (or commenting it out) likely break access to any > of the public lists on the same server? Having inherited these mailing > lists and mailman and web server, I'm uncertain exactly how things > were > set up and should be. > > Or should I just put a .htaccess file (or directive in httpd.conf) > in the > /usr/local/mailman/archives/private/ directory? > > -- > Michael ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
