[Mailman-Users] List marked private, still accessible from web?

Michael Urashka murashka at anticlockwise.com
Thu May 11 00:29:40 CEST 2006

> >Additionally, going
> >to the Mailman-run web site for one of the mailing lists (the page
> >people can subscribe from or view the archives, etc), when one clicks
> >one the Archives, one isn't prompted
> >for authentication and just gets the /mailman/private/list archive pages
> >(listed by month: thread/author/subject/date) and one is able to click
> >and read the archives.
> Most likely because you previously authorized as the list admin (or a
> list member) during that browser session and still have the
> authorization cookie.
> Making the archive private should do it.

This indeed seemed to be the case! Two systems we had been accessing the 
lists from both had the authentication cookie. Deleting all cookies and 
trying to access the :


Now prompts for email address and password. Many thanks. 


One last current issue though. Currently going directly to a page 
like this still lets me in after deleting cookies of course.


But these pages give a 'Forbidden' error:


Looking in Apache's httpd.conf there's an alias for pipermail into:

Alias /pipermail/ "/usr/local/mailman/archives/private/"

Will changing this (or commenting it out) likely break access to any 
of the public lists on the same server? Having inherited these mailing 
lists and mailman and web server, I'm uncertain exactly how things were 
set up and should be.

Or should I just put a .htaccess file (or directive in httpd.conf) in the 
/usr/local/mailman/archives/private/ directory?


More information about the Mailman-Users mailing list