[Mailman-Users] .htaccess protection of archives

Adam McGreggor adam-mailman at amyl.org.uk
Tue Feb 9 17:49:55 CET 2010

On Mon, Feb 08, 2010 at 03:40:44PM +0000, Phil Ewels wrote:
> I'd like to protect my mailing list archives behind some .htaccess 
> protection, but my mailman installation is a central one which serves a 
> number of different websites.
> I was thinking I could get around this by using a script to automate a 
> log in to the archives and then scraping the results back to my 
> .htaccess protected folder. 

How about setting the archive directory for each applicable list as it's own
<Directory> in a vhost config, I dunno, something like: (untested)

    <VirtualHost *:443>
        ServerName      archives.lists.example.org
        DocumentRoot    /usr/local/mailman/archives/private/

        Options         -Indexes

        <Directory /usr/local/mailman/archives/private/listname>
            AuthType        basic
            AuthName        "Private Archive"
            AuthUserFile    /path/to/htpasswd.file
            Require         valid-user
            Options         +Indexes

or perhaps use a glob and AllowOverrides (assuming Apache as your
httpd), or something like one of the Match directives.

Just as an idea, in production, you'll possibly want to lock-down a
virtualhost like that a bit more.

> Alternatively, if anyone can think of another way to get the archives 
> behind a .htaccess wall I'd be keen to hear!

Failing the hackish monstrosity above, you might find

(and elsewhere in https://secure.mysociety.org/cvstrac/dir?d=mysociety/lists)

useful if you're a coder.

``If the media object to a judgment or sentencing decision, 
  we suggest they focus their efforts on persuading the 
  Government to rectify the legal and policy framework.''
    (Lords' Select Committee on Constitution: Eleventh Report)

More information about the Mailman-Users mailing list