The mailing list for listmasters using Sympa

[Niklas Matthies <address@concealed>]

What we do is that we let Apache redirect HTTP to HTTPS, so everyone
is connected via HTTPS even when they try to connect via HTTP.
Our primary motivation to do so is to protect the passwords when
logging in using LDAP authentication.

-- Niklas Matthies

On Thu 2010-11-18 at 12:38h, Adam Bernstein wrote on sympa-users:
> Eh... actually, nevermind.  I've just realized, no matter what 
> improvement I can make in wwsympa, there is no way for sympa.pl to know 
> how anybody might be connecting to wwsympa.  So all the notices that get 
> sent out from that process (eg. moderation or subscription approval 
> requests) will always have the URL that is set in the config file.
>
> Looks like we'll have to decide whether to offer http: or https:, and 
> just do that -- can't do both without creating some confusion and user 
> issues.
>
> Oh well.  Sorry for the spam!
>
>      adam
>
> On 11/18/2010 12:13 PM, Adam Bernstein wrote:
>> Is anybody else running WWSympa with both an http:// option and an https://
>> option? It works just fine, with both served from the same configuration
>> (though two different wwsympa.fcgi processes start up to serve the two
>> protocols), but we have a minor detail that I can't figure out.
>>
>> We were able to eliminate warnings about "some elements of this page are
>> not encrypted" by changing the css_url; when that setting was specified as
>> a full URL (http://lists.domain.tld/lists), obviously it was always loaded
>> without SSL, even when the user accessed the page via https, resulting in
>> the warning. But happily, we found that setting it simply to /lists works
>> fine. Now the CSS is loaded via http if that's your connection method, or
>> by https if that's your connection method. But a similar solution does not
>> work for the wwsympa_url setting.
>>
>> If wwsympa_url is set simply to /lists, the links that Sympa sends out in
>> emails will contain only that address, no full URL, so they're broken. If
>> it's set to http:... and you have an existing https: connection open, and
>> you receive one of these emails and click the link, you get a new page with
>> http: and you have to login again, because it's a "different" site. I
>> suspect we're just trying to do something Sympa can't do (yet?), but I
>> thought I'd ask if there's a solution I'm not seeing.
>>
>> If not, I will have to try to modify WWSympa to fill in the base URL if the
>> wwsympa_url setting doesn't contain a protocol specification....
>>
>> Thanks!
>> adam
>