Date: Sat, 19 Apr 2014 12:51:16 +0200
Subject: Re: authentication_redirect is not working.
From: Johannes Jörg Schmidt
To: user@couchdb.apache.org

We have had vhosts and rewrites like this in production for years and it works like a charm. If you understand CouchDB's security model nothing speaks against opening its API to the world.

Greetings
Johannes

On 19.04.2014 06:41, "Benoit Chesneau" wrote:

> On Fri, Apr 18, 2014 at 3:56 PM, Scott Weber wrote:
>
> > Yes, I tried to implement the vhost and redirect. vhost was behaving as
> > documented. The redirect was not. There was no change in behavior.
>
> I have just tested this rule:
>
> [{
>     "from": "/",
>     "to": "index.html"
> },
> {
>     "from": "/*",
>     "to": "*"
> },
> ... other rules to access to dbs
> ]
>
> and set the vhost to the /db/ddoc/_rewrites
>
> and it was working as expected
>
> > The purpose is that I was led to believe that this server would eliminate
> > the need for a public facing general web server. As such, real domains show
> > you actual content at their root level, not a dry "welcome to couchdb"
> > message.
> >
> > I can see that this is not such a good idea, for a number of reasons.
> > Fortunately I have already placed it in a farm behind a formal server, and
> > can control access through rewrites and server side scripts. It turned into
> > a classic example of using a tool for what it is good at, not trying to
> > make it into something it is not designed for.
>
> The rule above works. I did it a lot of times. Now the only part that is
> really missing from the equation is the security. If you want to prevent
> people from going to the root you will need to use a proxy on top.
>
> - benoit
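
An added example, not part of the original message or of CouchDB's code: a static check over a `_rewrites` rule list that flags every rule whose `to` target leaves the design document, since those are the rules where the database's own access controls or a proxy have to do the work. The base path `/db/_design/ddoc` (placeholder names for the thread's "/db/ddoc/_rewrites") and the two `../` rules are assumptions made for illustration.

```javascript
// Assumed vhost target: the design document the rewrite rules belong to.
const DDOC_BASE = ["db", "_design", "ddoc"];

// Constructed rule list: the first two rules are the ones quoted in the
// thread; the last two are hypothetical "access to dbs" rules.
const RULES = [
  { from: "/", to: "index.html" },
  { from: "/*", to: "*" },
  { from: "/api/*", to: "../../*" },       // hypothetical
  { from: "/couch/*", to: "../../../*" },  // hypothetical
];

// Resolve a rule's "to" against the design document path, honouring "..".
function resolveTarget(to) {
  const parts = DDOC_BASE.slice();
  for (const seg of to.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") parts.pop();
    else parts.push(seg);
  }
  return "/" + parts.join("/");
}

// Classify how far the resolved target reaches: inside the design document,
// elsewhere in the same database, or above the database (server level).
function scopeOf(to) {
  const target = resolveTarget(to);
  const ddoc = "/" + DDOC_BASE.join("/");
  const db = "/" + DDOC_BASE[0];
  if (target === ddoc || target.startsWith(ddoc + "/")) return "design-doc";
  if (target === db || target.startsWith(db + "/")) return "database";
  return "server";
}

// Return only the rules that expose something outside the design document.
function audit(rules) {
  return rules
    .map((r) => ({ from: r.from, to: r.to, target: resolveTarget(r.to), scope: scopeOf(r.to) }))
    .filter((r) => r.scope !== "design-doc");
}

for (const finding of audit(RULES)) {
  console.log(`${finding.from} -> ${finding.target} [${finding.scope}]`);
}
```

The check is purely static: it does not model which rule matches a given request, only what each rule can reach.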