Re: [Mailman-Users] Root URL / vs /listinfo?

On 12/12/2016 02:39 PM, Caesar Samsi wrote:
When you go to http://mail.mydomain.com/, where do you wind up? I.e., whats the URL in the address bar of your browser, and is the resultant page an actual page or a 404?
I end up at https://mail.mydomain.com/listinfo
Which is correct, right?
What happens if you go to https://mail.mydomain.com/?
I end up at https://mail.mydomain.com/
And you want to end up at https://mail.mydomain.com/listinfo, right.
The probable answer to that is you are doing the redirect from http://mail.mydomain.com/ to http://mail.mydomain.com/listinfo before the redirect from http to https.
See below.
In /etc/apache2/sites-available I have mailman.con which contains a number of redirects as follows:
<VirtualHost *:80> ServerName mydomain.us ServerAdmin gigs@amydomain.com Redirect / https://mydomain.us/
</VirtualHost>
So going to http://mydomain.us/... will redirect to https://mydomain.us/...
<VirtualHost *:80> ServerName www.mydomain.us ServerAdmin gigs@amydomain.com Redirect / https://mail.mydomain.us/
</VirtualHost>
And going to http://www.mydomain.us/... will redirect to https://mail.mydomain.us/...
<VirtualHost *:80> ServerName mail.mydomain.us ServerAdmin gigs@mydomain.com Redirect / https://mail.mydomain.us
And going to http://mail.mydomain.us/... will redirect to https://mail.mydomain.us/...
ErrorLog /var/log/apache2/mailman-error.log CustomLog /var/log/apache2/mailman-access.log combined
<Directory /var/lib/cgi-bin/mailman> Options FollowSymLinks AllowOverride All Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Require all granted
</Directory>
</VirtualHost>
and aliases as follows:
Alias /AUP /var/www/html/AUP Alias /pipermail/ /var/lib/mailman/archives/public/ Alias /postfixadmin /var/www/html/postfixadmin Alias /roundcube /var/www/html/roundcube Alias /images/mailman/ /usr/share/images/mailman/ ScriptAlias /admin /usr/lib/cgi-bin/mailman/admin ScriptAlias /admindb /usr/lib/cgi-bin/mailman/admindb ScriptAlias /confirm /usr/lib/cgi-bin/mailman/confirm ScriptAlias /create /usr/lib/cgi-bin/mailman/create ScriptAlias /edithtml /usr/lib/cgi-bin/mailman/edithtml ScriptAlias /listinfo /usr/lib/cgi-bin/mailman/listinfo ScriptAlias /options /usr/lib/cgi-bin/mailman/options ScriptAlias /private /usr/lib/cgi-bin/mailman/private ScriptAlias /rmlist /usr/lib/cgi-bin/mailman/rmlist ScriptAlias /roster /usr/lib/cgi-bin/mailman/roster ScriptAlias /subscribe /usr/lib/cgi-bin/mailman/subscribe ScriptAlias /mailman/ /usr/lib/cgi-bin/mailman/ ScriptAlias / /usr/lib/cgi-bin/mailman/listinfo
So it appears you are relying on
ScriptAlias / /usr/lib/cgi-bin/mailman/listinfo
to get to the listinfo page from an http(s)://host/ url. Aside from the fact that this isn't a redirect which would explain why when you go to https://mail.mydomain.com/ the address you wind up at is still https://mail.mydomain.com/ (but is it in fact the listinfo page?), it seems very bad because it means that going to any URL like http(s)://host/something, where 'something' is anything that doesn't match one of the preceding Alias or ScripAlias directives will invoke the script /usr/lib/cgi-bin/mailman/listinfosomething that doesn't exist, and even if you made it
ScriptAlias / /usr/lib/cgi-bin/mailman/listinfo/
It would still invoke the script /usr/lib/cgi-bin/mailman/listinfo/something which will probably give a "No such list something" error on the returned listinfo page with http(s)://host/something still in the browser's address bar.
Further, this doesn't explain how http://mail.mydomain.com/ redirects to http://mail.mydomain.com/listinfo before redirecting to https.

[dangit had to resend, used a non-member alias]
Hmm but I want to enter http://mail.mydomain.com/ http://mail.mydomain.com/ (root non SSL) and end up at https://mail.mydomain.com/ https://mail.mydomain.com/ (root with SSL) but which serves up listinfo as it has been ScriptAlias’ed to
(i.e. serves up /listinfo but without the URL /listinfo)
I guess I can live with it, the intent of redirecting from root to mailman works well.
Thank you, Caesar.
On Dec 13, 2016, at 5:06 PM, Mark Sapiro mark@msapiro.net wrote:
On 12/12/2016 02:39 PM, Caesar Samsi wrote:
When you go to http://mail.mydomain.com/, where do you wind up? I.e., whats the URL in the address bar of your browser, and is the resultant page an actual page or a 404?
I end up at https://mail.mydomain.com/listinfo
Which is correct, right?
What happens if you go to https://mail.mydomain.com/?
I end up at https://mail.mydomain.com/
And you want to end up at https://mail.mydomain.com/listinfo, right.
The probable answer to that is you are doing the redirect from http://mail.mydomain.com/ to http://mail.mydomain.com/listinfo before the redirect from http to https.
See below.
In /etc/apache2/sites-available I have mailman.con which contains a number of redirects as follows:
<VirtualHost *:80> ServerName mydomain.us ServerAdmin gigs@amydomain.com Redirect / https://mydomain.us/
</VirtualHost>
So going to http://mydomain.us/... will redirect to https://mydomain.us/...
<VirtualHost *:80> ServerName www.mydomain.us ServerAdmin gigs@amydomain.com Redirect / https://mail.mydomain.us/
</VirtualHost>
And going to http://www.mydomain.us/... will redirect to https://mail.mydomain.us/...
<VirtualHost *:80> ServerName mail.mydomain.us ServerAdmin gigs@mydomain.com Redirect / https://mail.mydomain.us
And going to http://mail.mydomain.us/... will redirect to https://mail.mydomain.us/...
ErrorLog /var/log/apache2/mailman-error.log CustomLog /var/log/apache2/mailman-access.log combined
<Directory /var/lib/cgi-bin/mailman> Options FollowSymLinks AllowOverride All Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Require all granted
</Directory>
</VirtualHost>
and aliases as follows:
Alias /AUP /var/www/html/AUP Alias /pipermail/ /var/lib/mailman/archives/public/ Alias /postfixadmin /var/www/html/postfixadmin Alias /roundcube /var/www/html/roundcube Alias /images/mailman/ /usr/share/images/mailman/ ScriptAlias /admin /usr/lib/cgi-bin/mailman/admin ScriptAlias /admindb /usr/lib/cgi-bin/mailman/admindb ScriptAlias /confirm /usr/lib/cgi-bin/mailman/confirm ScriptAlias /create /usr/lib/cgi-bin/mailman/create ScriptAlias /edithtml /usr/lib/cgi-bin/mailman/edithtml ScriptAlias /listinfo /usr/lib/cgi-bin/mailman/listinfo ScriptAlias /options /usr/lib/cgi-bin/mailman/options ScriptAlias /private /usr/lib/cgi-bin/mailman/private ScriptAlias /rmlist /usr/lib/cgi-bin/mailman/rmlist ScriptAlias /roster /usr/lib/cgi-bin/mailman/roster ScriptAlias /subscribe /usr/lib/cgi-bin/mailman/subscribe ScriptAlias /mailman/ /usr/lib/cgi-bin/mailman/ ScriptAlias / /usr/lib/cgi-bin/mailman/listinfo
So it appears you are relying on
ScriptAlias / /usr/lib/cgi-bin/mailman/listinfo
to get to the listinfo page from an http(s)://host/ url. Aside from the fact that this isn't a redirect which would explain why when you go to https://mail.mydomain.com/ the address you wind up at is still https://mail.mydomain.com/ (but is it in fact the listinfo page?), it seems very bad because it means that going to any URL like http(s)://host/something, where 'something' is anything that doesn't match one of the preceding Alias or ScripAlias directives will invoke the script /usr/lib/cgi-bin/mailman/listinfosomething that doesn't exist, and even if you made it
ScriptAlias / /usr/lib/cgi-bin/mailman/listinfo/
It would still invoke the script /usr/lib/cgi-bin/mailman/listinfo/something which will probably give a "No such list something" error on the returned listinfo page with http(s)://host/something still in the browser's address bar.
Further, this doesn't explain how http://mail.mydomain.com/ redirects to http://mail.mydomain.com/listinfo before redirecting to https.
-- Mark Sapiro mark@msapiro.net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan

On 12/13/2016 06:50 PM, Caesar Samsi wrote:
[dangit had to resend, used a non-member alias]
Hmm but I want to enter http://mail.mydomain.com/ (root non SSL) and end up at https://mail.mydomain.com/ (root with SSL) but which serves up listinfo as it has been ScriptAlias’ed to
(i.e. serves up /listinfo but without the URL /listinfo)
Somewhere in some part of your apache configuration that you haven't posted there is a redirect from http://mail.mydomain.com/ to http://mail.mydomain.com/listinfo.
participants (2)
-
Caesar Samsi
-
Mark Sapiro