From user-return-13892-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org Wed Nov 24 15:35:11 2010 Return-Path: Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: (qmail 37733 invoked from network); 24 Nov 2010 15:35:10 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 24 Nov 2010 15:35:10 -0000 Received: (qmail 40922 invoked by uid 500); 24 Nov 2010 15:35:41 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 40560 invoked by uid 500); 24 Nov 2010 15:35:38 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 40366 invoked by uid 99); 24 Nov 2010 15:35:37 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Nov 2010 15:35:37 +0000 X-ASF-Spam-Status: No, hits=0.7 required=10.0 tests=SPF_PASS,UNRESOLVED_TEMPLATE X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [193.50.230.240] (HELO pluton.utt.fr) (193.50.230.240) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Nov 2010 15:35:27 +0000 Received: from smtp1.utt.fr (smtp1.utt.fr [193.50.230.122]) by pluton.utt.fr (8.13.1/8.13.1) with ESMTP id oAOFZ535024972 for ; Wed, 24 Nov 2010 16:35:05 +0100 Received: from smtp1.utt.fr (smtp1.utt.fr [127.0.0.1]) by localhost (Postfix) with SMTP id EC21AA68272 for ; Wed, 24 Nov 2010 16:35:04 +0100 (CET) Received: from wifi-personnels162.utt.fr (wifi-personnels162.utt.fr [10.19.1.162]) by smtp1.utt.fr (Postfix) with ESMTP id E754CA68270 for ; Wed, 24 Nov 2010 16:35:04 +0100 (CET) From: =?iso-8859-1?Q?Aur=E9lien_B=E9nel?= Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Accessing _utils scripts with reverse proxy and _rewrite? Date: Wed, 24 Nov 2010 16:35:04 +0100 Message-Id: <83C1F66D-223B-41F3-BFD8-C1253A66670C@utt.fr> To: user@couchdb.apache.org Mime-Version: 1.0 (Apple Message framework v1082) X-Mailer: Apple Mail (2.1082) X-PerlMx-Spam: Gauge=%%XGAUGE%%%%IGAUGE%%, Probability=%%PROB%%, Report='%%HITS%%' X-Virus-Checked: Checked by ClamAV on apache.org Hi there, We have a functional CouchApp on CouchOne Hosting. We set up a Cherokee = reverse proxy in order to skip the "/mydb/_design/mysoftware/_rewrite" = part of URLs. When we did that we realized that we forgot to rewrite one URL: = "/_utils/script/couch.js". Then we added the following rewrite rule: { "from": "script/:script", "to": "../../../_utils/script/:script" } We got : {"error":"insecure_rewrite_rule","reason":"too many ../.. = segments"}=20 The configuration cannot be changed on CouchOne hosting, and it is = probably true that giving access to "_utils" could be harmful. Is there = another way to access those scripts than copying scripts in the database = scope or setting up the rewrite rule directly into Cherokee? Regards, Aur=E9lien=20=