Secure MTB’s e-mail notification de-spamming feature

A blog-spam notification e-mail sent by MT-Blacklist conveniently contains a link to de-spam the according comment. Unfortunately, all URLs start with “http://”, meaning that the request (and hence your credentials) are sent as plain-text. To force using HTTPS (encrypted HTTP) for anything related to MT-Blacklist, you can add the following line to your Apache configuration (this is an example, adjust it to match your server layout):

<VirtualHost 192.168.1.6:80>
  # other redirects here
  Redirect permanent /cgi-bin/mt/plugins/Blacklist https://news.numlock.ch/cgi-bin/mt/plugins/Blacklist
</VirtualHost>

and restart Apache (for Apache2 on Gentoo: “/etc/init.d/apache2 restart”)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.