Return-Path: 
 <user-return-23961-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org>
X-Original-To: apmail-couchdb-user-archive@www.apache.org
Delivered-To: apmail-couchdb-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id A1221F7BE
	for <apmail-couchdb-user-archive@www.apache.org>;
 Wed, 20 Mar 2013 12:18:08 +0000 (UTC)
Received: (qmail 66305 invoked by uid 500); 20 Mar 2013 12:18:07 -0000
Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org
Received: (qmail 66266 invoked by uid 500); 20 Mar 2013 12:18:07 -0000
Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@couchdb.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@couchdb.apache.org>
List-Post: <mailto:user@couchdb.apache.org>
List-Id: <user.couchdb.apache.org>
Reply-To: user@couchdb.apache.org
Delivered-To: mailing list user@couchdb.apache.org
Received: (qmail 66243 invoked by uid 99); 20 Mar 2013 12:18:06 -0000
Received: from minotaur.apache.org (HELO minotaur.apache.org) (140.211.11.9)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 20 Mar 2013 12:18:06 +0000
Received: from localhost (HELO mail-la0-f51.google.com) (127.0.0.1)
  (smtp-auth username rnewson, mechanism plain)
  by minotaur.apache.org (qpsmtpd/0.29) with ESMTP;
 Wed, 20 Mar 2013 12:18:06 +0000
Received: by mail-la0-f51.google.com with SMTP id fo13so2838325lab.10
        for <user@couchdb.apache.org>; Wed, 20 Mar 2013 05:18:04 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.152.116.45 with SMTP id jt13mr5277331lab.0.1363781884422;
 Wed, 20 Mar 2013 05:18:04 -0700 (PDT)
Received: by 10.112.25.201 with HTTP; Wed, 20 Mar 2013 05:18:04 -0700 (PDT)
In-Reply-To: 
 <CAFANTuUBC5Zzdv0cva3fOpM2i1_qZdiquSZ+r7fypd6SgceYDg@mail.gmail.com>
References: 
 <CAFANTuUBC5Zzdv0cva3fOpM2i1_qZdiquSZ+r7fypd6SgceYDg@mail.gmail.com>
Date: Wed, 20 Mar 2013 12:18:04 +0000
Message-ID: 
 <CABvT1DG-fGdFCjmk6MTn9kQ8Hrq=wVSv56VX=qyXKtK9ZdArsA@mail.gmail.com>
Subject: Re: _session + vhost + rewrites
From: Robert Newson <rnewson@apache.org>
To: "user@couchdb.apache.org" <user@couchdb.apache.org>
Content-Type: text/plain; charset=ISO-8859-1

Hm, not without a code change, I think. The secure rewrites setting is
to prevent a rewrite jumping between databases. At first glance it
does seem an overreach to block a rewrite to _session (and presumably
anything else at the top level).

B.

On 20 March 2013 12:13, Anthony Ananich <anton.ananich@inpun.com> wrote:
> Hi!
>
> I'm trying to make _session handler accessible via url like
> http://mysite.com/_session while using rewrite rules. I get the
> following error:
> {"error":"insecure_rewrite_rule","reason":"too many ../.. segments"}
>
> I found that it could be fixed with adding this to an ini file:
> [httpd]
> secure_rewrites = false
>
> Is there a way to allow _session without disabling secure_rewrites?
>
> Thanks,
> Anthony