[Mailman-Users] .htaccess protection of archives

Phil Ewels phil at tallphil.co.uk
Tue Feb 9 16:23:27 CET 2010

I'd like to avoid using the standard private archives because that would 
require users to log in a second time, with a second username and 
password. I'm attempting to hide everything behind a single .htaccess wall.

The other reason is that the users are currently being signed up by an 
automated script, which does it silently, so they are not getting any 
welcome messages and will not know what their subscription password is.

I'll have a go using ?password=PASSWORD and see where I get to...



Mark Sapiro wrote:
> Phil Ewels wrote:
>> I'd like to protect my mailing list archives behind some .htaccess 
>> protection, but my mailman installation is a central one which serves a 
>> number of different websites.
> Why not just use private archives? You could use a .htaccess file to
> prevent access by URL if you really don't want public access at all.
> Then all archive access would have to be through
> Mailman/Cgi/private.py.
>> I was thinking I could get around this by using a script to automate a 
>> log in to the archives and then scraping the results back to my 
>> .htaccess protected folder. I'm using GET variables to use the 
>> subscription page at the moment (adding &adminpw=PASSWORD onto the end 
>> of the url) and was wondering if there was anything similar that I could 
>> do with the archives?
> If for some reason Mailman's private archive authentication is not
> satisfactory and you want to bypass the login page, you can append
> ?password=PASSWORD (where PASSWORD is a list admin or moderator or
> site admin password) to any private archive URL.
>> Alternatively, if anyone can think of another way to get the archives 
>> behind a .htaccess wall I'd be keen to hear!
> If I understood the desired end result, I might be able to suggest more.

More information about the Mailman-Users mailing list