Return-Path: X-Original-To: apmail-couchdb-user-archive@www.apache.org Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id BA8B0F5B0 for ; Thu, 21 Mar 2013 00:10:16 +0000 (UTC) Received: (qmail 28022 invoked by uid 500); 21 Mar 2013 00:10:15 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 27906 invoked by uid 500); 21 Mar 2013 00:10:14 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 27898 invoked by uid 99); 21 Mar 2013 00:10:14 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 Mar 2013 00:10:14 +0000 X-ASF-Spam-Status: No, hits=3.2 required=5.0 tests=FORGED_YAHOO_RCVD,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [98.139.212.163] (HELO nm4.bullet.mail.bf1.yahoo.com) (98.139.212.163) by apache.org (qpsmtpd/0.29) with SMTP; Thu, 21 Mar 2013 00:10:10 +0000 Received: from [98.139.212.150] by nm4.bullet.mail.bf1.yahoo.com with NNFMP; 21 Mar 2013 00:09:48 -0000 Received: from [98.139.211.199] by tm7.bullet.mail.bf1.yahoo.com with NNFMP; 21 Mar 2013 00:09:48 -0000 Received: from [127.0.0.1] by smtp208.mail.bf1.yahoo.com with NNFMP; 21 Mar 2013 00:09:48 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1363824588; bh=xjq/1OU0gN+Db3EWuwVVocp6srJgE1O7Z8Jd+nMPERM=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:X-Rocket-Received:From:Content-Type:Message-Id:Mime-Version:Subject:Date:References:To:In-Reply-To:X-Mailer; b=AFthRMhR/vxEAET+TJsbTnN62VcV5yPa/dqySX+nmA2ClYYmDtFuecHlB54GUua4mwQ5BvMdo+spnreXR6rwZKaq0dhecd02TtpskLtoDjMEIQJ+AQEFmfqEvwHOqbd6MNK9X4Lcs8m5h87yeOC0NEY+Ay8kgzn4j/Cl99jUBZ0= X-Yahoo-Newman-Id: 844965.31555.bm@smtp208.mail.bf1.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: 21j4mZEVM1mCCETEfEuGOpBkx21LPyNpJgWQquM4vtl53Sv saY4e_jaxVQth58aorpq52xNmpRz2BoDm1NripWgF9hFA9OH_IhNp71goDfc nOR8h7I2zDdPVdiAD.Rm_NQ9LSA8LN2mIqXmDpSZ2LuMyAuuiEAVcDQkSVAP 69.d9P078vTbqRY6eA7lEzi.tpp19_tABbH71xfjpSfBuxrnTcIzNqADML1u a4giDLEZ_813BXQOERBG6D94ANRWFziaSMOFHD8mi.y6Sf42tWcj4ld3mme. 6s4VBQqeW1.WPea8vqNwaDxkXD9fr0HxslEB9YPTIKIUp1YxCGfpr0bKt2CT 5UyAXd7IIqGUAw.59JBg.KuB64ZDKIKPyCVfnNr2q8ZQ8UxfOtB2XyK8xbtL L4GdBV9FUFfwU8Jyr0um2eZ9skIBdUI6.sCFRDvQUKUJJS_2pDkA0tiD3fhn C7qZhDA_Dy_9Uj1rd_v3HvzhxJ8hnLJU3eO4oglip3A0HDTC32juWONrwxnz UzlsncwwsBvrfIR5JG62ydw8YEEs._LS_Y8oucbvgJ99hMP.hzUI07.CoOHe rMp1rtDJv9A-- X-Yahoo-SMTP: b9FO.o6swBDjz1Oj2MrhmZVB01c- X-Rocket-Received: from [10.0.1.4] (iomatix@24.129.27.229 with plain) by smtp208.mail.bf1.yahoo.com with SMTP; 20 Mar 2013 17:09:48 -0700 PDT From: Jeff Charette Content-Type: multipart/alternative; boundary="Apple-Mail=_C2FC4877-665E-4C38-969F-058E867A1049" Message-Id: Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\)) Subject: Re: _session + vhost + rewrites Date: Wed, 20 Mar 2013 20:09:47 -0400 References: To: user@couchdb.apache.org In-Reply-To: X-Mailer: Apple Mail (2.1499) X-Virus-Checked: Checked by ClamAV on apache.org --Apple-Mail=_C2FC4877-665E-4C38-969F-058E867A1049 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=iso-8859-1 +1 Jeff Charette | Principal=20 We Are Charette web / identity / packaging m 415.298.2707 w wearecharette.com e jeffrey@wearecharette.com On Mar 20, 2013, at 9:21 AM, Anthony Ananich = wrote: > Good to know this. Thanks! >=20 > On Wed, Mar 20, 2013 at 3:50 PM, Benoit Chesneau = wrote: >> On Wed, Mar 20, 2013 at 5:26 AM, Anthony Ananich >> wrote: >>> I think I've found an answer. It seems that while using vhost >>> /_session handler is available in the root of vhost independent on = if >>> there are any rewrite rules or not. >>>=20 >>> I was not able to find any documentation about that, so I'm not sure >>> if it is bug or feature :) >>=20 >> It's a feature, see in the section [httpd] of default.ini: >>=20 >> vhost_global_handlers =3D _utils, _uuids, _session, _oauth, _users >>=20 >> - beno=EEt >>=20 >>=20 >>>=20 >>> On Wed, Mar 20, 2013 at 3:18 PM, Robert Newson = wrote: >>>> Hm, not without a code change, I think. The secure rewrites setting = is >>>> to prevent a rewrite jumping between databases. At first glance it >>>> does seem an overreach to block a rewrite to _session (and = presumably >>>> anything else at the top level). >>>>=20 >>>> B. >>>>=20 >>>> On 20 March 2013 12:13, Anthony Ananich = wrote: >>>>> Hi! >>>>>=20 >>>>> I'm trying to make _session handler accessible via url like >>>>> http://mysite.com/_session while using rewrite rules. I get the >>>>> following error: >>>>> {"error":"insecure_rewrite_rule","reason":"too many ../.. = segments"} >>>>>=20 >>>>> I found that it could be fixed with adding this to an ini file: >>>>> [httpd] >>>>> secure_rewrites =3D false >>>>>=20 >>>>> Is there a way to allow _session without disabling = secure_rewrites? >>>>>=20 >>>>> Thanks, >>>>> Anthony --Apple-Mail=_C2FC4877-665E-4C38-969F-058E867A1049--