Odd issue after setting Mailman to use https by default.
Last week I got a notification from our SSL cert provider that the cert for our mailman server was expiring, so I renewed it, and realized that when I rebuilt the server last year I didn’t actually enable it in Apache.
So I did, and added a rewrite rule in the httpd.conf to force all traffic to use https.
After that, whenever a moderator or admin tried to submit a response for a held message, we would get a pop-up stating that “This form is insecure” , if we proceeded, the form submitted but nothing would happen…the message was not approved or discarded.
After I removed the rewrite rule, the action works now, but it drops me onto the http:// site not https:// .
Is there some site setting in Mailman I am missing to tell it to always use https:// ?
(MM version version 2.1.29 running on Rocky Linux 8.5)
-- Bruce Johnson University of Arizona College of Pharmacy Information Technology Group
Institutions do not have opinions, merely customs
See https://wiki.list.org/DOC/4.27%20Securing%20Mailman%27s%20web%20GUI%20by%20u...
Summary: set DEFAULT_URL_PATTERN to use https and run 'withlist -l -r fix_url <list>" with every list.
On 2022-06-21 at 11:39:49 UTC-0400 (Tue, 21 Jun 2022 15:39:49 +0000) Bruce Johnson via Mailman-Users <johnson@Pharmacy.Arizona.EDU> is rumored to have said:
Last week I got a notification from our SSL cert provider that the cert for our mailman server was expiring, so I renewed it, and realized that when I rebuilt the server last year I didn’t actually enable it in Apache.
So I did, and added a rewrite rule in the httpd.conf to force all traffic to use https.
After that, whenever a moderator or admin tried to submit a response for a held message, we would get a pop-up stating that “This form is insecure” , if we proceeded, the form submitted but nothing would happen…the message was not approved or discarded.
After I removed the rewrite rule, the action works now, but it drops me onto the http:// site not https:// .
Is there some site setting in Mailman I am missing to tell it to always use https:// ?
(MM version version 2.1.29 running on Rocky Linux 8.5)
-- Bruce Johnson University of Arizona College of Pharmacy Information Technology Group
Institutions do not have opinions, merely customs
Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-leave@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
-- Bill Cole bill@scconsult.com or billcole@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
participants (2)
-
Bill Cole
-
Bruce Johnson