Topic: WWW

[NOTE: The WWW interface to listmanager was not complete at the time of writing of this file. The information contained here may not be current.]

Listmanager has a WWW interface to allow queries and a limited set of its functions to be accessed using web browsers. This includes subscribing and unsubscribing, getting help, requesting new lists, and setting list or member options.

In its default state, only query-type (e.g. read-only) requests are permitted, but it is possible for list owners to enable certain updates to their lists via this method. There are two methods by which this restriction is controlled.

The first is the "allow-web-subs" list flag, which permits people to use the WWW interface to subscribe to or unsubscribe from your list. It is strongly recommended that you also use the "sub-confirm" list flag if you enable this, but it is not required. Doing so prevents (or at least inhibits) malicious users from subscribing others without the permission of that third party.

The second method is the use of a WWW ACL (access control list), set by the "set webacl" command. This establishes a list of places from which list owners and members may connect to configure their list or membership options. The format of the WWW ACL is slightly different than a regular ACL in that no userid is used to authenticate, only an IP address or domain name. For example, a WWW ACL of:

    *.hookup.net

would allow WWW-based list configurations to take place from any "hookup.net" address. On the other hand,

    !*.pbi.net

would allow configuration requests via the WWW from anywhere except any "pbi.net" address. Also, as with regular ACLs, the WWW ACL's first entry has a special meaning; see the "ACLs" help file for more information.

Note that the web server invoking listmanager may not be able to translate the client's IP address to a name, due to DNS difficulties or a variety of other reasons. In that case, you may need to expressly permit or restrict IP blocks as well as domain names.

Matching is permitted on userid as well. If you want to block all requests from clients running an "ident" server (see RFC1913) that identify themselves as root, you could use an entry like this:

    !root@*

Listmanager will substitute the keyword "UNKNOWN" in either the userid or host field (or both) if the corresponding data could not be obtained from the web server calling it. You could therefore block all web requests from clients that aren't running "ident" at all using an entry like this:

    !UNKNOWN@*

See also: ACLs allow-web-subs no select set show
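
The following is an added example, not listmanager's own code: a small Python model of WWW ACL evaluation for checking a planned ACL against the name-lookup failure described above. It assumes the first matching entry decides, that when nothing matches the result is the opposite of the first entry's sense (consistent with the two single-entry examples in this file), and that IP blocks are written as wildcard patterns on the dotted address; all hosts and addresses are constructed samples.

```python
from fnmatch import fnmatchcase


def parse_entry(entry):
    """Split an entry such as '!root@*' into (allow, userid_pattern, host_pattern)."""
    allow = not entry.startswith("!")
    body = entry if allow else entry[1:]
    user_pat, sep, host_pat = body.rpartition("@")
    if not sep:
        user_pat = "*"          # entry has no userid part: any userid matches
    return allow, user_pat, host_pat.lower()


def web_acl_allows(acl, host=None, userid=None):
    """Model of a WWW ACL decision; the evaluation order is an assumption.

    host   -- name or IP address handed over by the web server, None if missing
    userid -- ident reply for the client, None if the client runs no ident
    """
    host = (host or "UNKNOWN").lower()      # missing data becomes UNKNOWN
    userid = userid or "UNKNOWN"
    entries = [parse_entry(e) for e in acl]
    if not entries:
        return False                        # default state: queries only
    for allow, user_pat, host_pat in entries:
        if fnmatchcase(userid, user_pat) and fnmatchcase(host, host_pat):
            return allow                    # assumed: first match decides
    return not entries[0][0]                # assumed: first entry sets default


if __name__ == "__main__":
    # Constructed clients: the same machine seen by name and, after a failed
    # reverse lookup, only by its IP address.
    cases = [
        (["*.hookup.net"], "dial1.hookup.net", None),
        (["*.hookup.net"], "203.0.113.7", None),        # owner locked out
        (["!*.pbi.net"], "ppp1.pbi.net", None),
        (["!*.pbi.net"], "198.51.100.9", None),         # deny entry not hit
        (["!*.pbi.net", "!198.51.100.*"], "198.51.100.9", None),
        (["!root@*"], "host.example.org", "root"),
        (["!UNKNOWN@*"], "host.example.org", None),
    ]
    for acl, host, userid in cases:
        verdict = "allow" if web_acl_allows(acl, host, userid) else "deny"
        print(f"{' '.join(acl):32} {userid or 'UNKNOWN'}@{host:20} {verdict}")
```

Under these assumptions a name-only deny entry stops matching once the client is seen by address alone, which is why the IP block is listed next to the domain pattern.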