Thanks! That works for Apache2.2. For those interested that are using Apache2.4, make this change:
-Order deny,allow -Deny from all +Require all denied The rest should be the same. Here is some more info: http://httpd.apache.org/docs/2.4/upgrading.html Best, Rafael On Fri, Aug 14, 2015 at 2:16 PM, Jim Popovitch <jim...@gmail.com> wrote: > That's a very old (in Internet Years) Mailman problem that was solved > with session cookies in v2.1.16 (16-Oct-2013). If you're still > paranoid, and don't want to piss your users off with privacy leaking > captcha, then just set up some referer checking in your apache or > nginx configs: > > Apache: > > # Prevent subscription request spam > SetEnvIf Referer lists\.example\.com localreferer > <Location /mailman/subscribe> > Order deny,allow > Deny from all > Allow from env=localreferer > </Location> > -Jim P. >
