Now that SSL is the standard for accessing webpages, especially login pages, when is cPanel going to allow Mailman to FULLY allow secure access? I continually have clients coming to me asking for SSL connections to their Mailman admin pages. No matter what I try, I can't seem to find a permanent fix. I have done the following:
1. Added a redirect to direct all non-ssl traffic to /mailman/ to https. That works great.
RewriteEngine on
RewriteCond %{HTTPS} off [NC]
RewriteRule ^/mailman(/.*) https://%{HTTP_HOST}/mailman$1 [L,R=permanent
2. Added the following to the mm_cfg.py file for new lists:
DEFAULT_URL_PATTERN = 'https://%s/mailman/'
3. Ran the following for an older list that was unable to make changes to members' attributes on the membership management page due to the above changes:
$prefix/bin/withlist -l -r fix_url listname -u list_web_domain
I confirmed that fixed the issue only to see the fix revert itself less than 24 hours later. So even though web traffic is coming through via SSL, it seems certain form elements are not fully secure. This really needs to be fixed cPanel and that asap.
Thank you,
Brian
1. Added a redirect to direct all non-ssl traffic to /mailman/ to https. That works great.
RewriteEngine on
RewriteCond %{HTTPS} off [NC]
RewriteRule ^/mailman(/.*) https://%{HTTP_HOST}/mailman$1 [L,R=permanent
2. Added the following to the mm_cfg.py file for new lists:
DEFAULT_URL_PATTERN = 'https://%s/mailman/'
3. Ran the following for an older list that was unable to make changes to members' attributes on the membership management page due to the above changes:
$prefix/bin/withlist -l -r fix_url listname -u list_web_domain
I confirmed that fixed the issue only to see the fix revert itself less than 24 hours later. So even though web traffic is coming through via SSL, it seems certain form elements are not fully secure. This really needs to be fixed cPanel and that asap.
Thank you,
Brian