From: Anthony Ananich
Date: Wed, 20 Mar 2013 16:21:56 +0300
Subject: Re: _session + vhost + rewrites
To: user@couchdb.apache.org

Good to know this. Thanks!

On Wed, Mar 20, 2013 at 3:50 PM, Benoit Chesneau wrote:
> On Wed, Mar 20, 2013 at 5:26 AM, Anthony Ananich wrote:
>> I think I've found an answer. It seems that while using a vhost, the
>> /_session handler is available in the root of the vhost independent of
>> whether there are any rewrite rules or not.
>>
>> I was not able to find any documentation about that, so I'm not sure
>> if it is a bug or a feature :)
>
> It's a feature, see in the section [httpd] of default.ini:
>
> vhost_global_handlers = _utils, _uuids, _session, _oauth, _users
>
> - benoît
>
>
>>
>> On Wed, Mar 20, 2013 at 3:18 PM, Robert Newson wrote:
>>> Hm, not without a code change, I think. The secure rewrites setting is
>>> to prevent a rewrite jumping between databases. At first glance it
>>> does seem an overreach to block a rewrite to _session (and presumably
>>> anything else at the top level).
>>>
>>> B.
>>>
>>> On 20 March 2013 12:13, Anthony Ananich wrote:
>>>> Hi!
>>>>
>>>> I'm trying to make the _session handler accessible via a URL like
>>>> http://mysite.com/_session while using rewrite rules. I get the
>>>> following error:
>>>> {"error":"insecure_rewrite_rule","reason":"too many ../.. segments"}
>>>>
>>>> I found that it could be fixed by adding this to an ini file:
>>>> [httpd]
>>>> secure_rewrites = false
>>>>
>>>> Is there a way to allow _session without disabling secure_rewrites?
>>>>
>>>> Thanks,
>>>> Anthony
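
Added example (not part of the original thread and not CouchDB project code): a small Python check that merges default.ini and local.ini text in order and flags the workaround from the question, secure_rewrites = false, while confirming that _session is still listed in vhost_global_handlers. The ini samples are constructed, and the secure_rewrites = true default and the function names are assumptions.

```python
import configparser

# Constructed sample of the [httpd] defaults; the handler list is the one
# quoted in the thread, the secure_rewrites default is an assumption.
DEFAULT_INI = """
[httpd]
secure_rewrites = true
vhost_global_handlers = _utils, _uuids, _session, _oauth, _users
"""

# Constructed local.ini with the workaround from the original question.
LOCAL_INI_WEAK = """
[httpd]
secure_rewrites = false
"""

# Constructed local.ini that keeps secure_rewrites on and serves only
# _session at the vhost root.
LOCAL_INI_OK = """
[httpd]
; no secure_rewrites override here, so the default stays in force
vhost_global_handlers = _session
"""


def effective_httpd(*ini_texts):
    """Merge ini texts in order; later files override earlier ones."""
    cp = configparser.ConfigParser(interpolation=None)
    for text in ini_texts:
        cp.read_string(text)
    return dict(cp["httpd"]) if cp.has_section("httpd") else {}


def audit(*ini_texts):
    """Return (findings, handlers) for the merged [httpd] section."""
    httpd = effective_httpd(*ini_texts)
    findings = []
    if httpd.get("secure_rewrites", "true").strip().lower() != "true":
        findings.append("secure_rewrites disabled: rewrites can jump between databases")
    raw = httpd.get("vhost_global_handlers", "")
    handlers = sorted({h.strip() for h in raw.split(",") if h.strip()})
    if "_session" not in handlers:
        findings.append("_session not in vhost_global_handlers: not served at the vhost root")
    return findings, handlers


if __name__ == "__main__":
    for name, local in (("weak", LOCAL_INI_WEAK), ("ok", LOCAL_INI_OK)):
        print(name, audit(DEFAULT_INI, local))
```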