[Mailman-Users] Secure the admin pages
Mike Hanby
flakrat at yahoo.com
Fri Aug 19 17:45:20 CEST 2005
Thanks Jim, I'll give that a shot.
Does anyone know if the admin admindb and others are secure, or are there
known ways to get around them to get to the membership email list?
-----Original Message-----
From: Jim Tittsler [mailto:jwt at onjapan.net]
Sent: Thursday, August 18, 2005 23:00
To: Mike Hanby
Cc: mailman-users at python.org
Subject: Re: [Mailman-Users] Secure the admin pages
On 2005-08-18 23:14, Mike Hanby wrote:
> Howdy, does anyone know if it's possible to secure the admin pages with an
> .htaccess type security?
[...]
> Ex: http://www.mydomain.com/mailman/admin/mailinglist
>
> Going to this page would pop up an Apache login prompt. If successful,
then
> the page would load where they would then have to log in using mailman's
> "List Administrator Password".
You could use a FilesMatch directive to restrict access to the cgi
scripts you were interested in:
<FilesMatch (admin|admindb|create|edithtml|rmlist)>
AuthName "Mailman"
[...]
require valid-user
</FilesMatch>
(Or a LocationMatch directive in your Apache configuration.)
Jim
P.S. Your message might get more attention if you sent a new message
to the mailing list rather than hijacking an existing thread (as you
did by replying to a different message and simply changing the
subject). People that browse the list by thread might not see your
message the way you have done it.
--
Jim Tittsler http://www.OnJapan.net/ GPG: 0x01159DB6
Python Starship http://Starship.Python.net/crew/jwt/
Mailman IRC irc://irc.freenode.net/#mailman
More information about the Mailman-Users
mailing list