Posted to user@couchdb.apache.org by Martin Hilbig <bl...@gmx.net> on 2011/05/03 22:11:00 UTC

sponsoring secure vhost/rewrites

hi,

i want to program and rent couchapps. i want couchdb/bigcouch to be my 
db, app and webserver.

i don't want a middle layer like a(n) (apache) proxy, just to filter out 
clients which try cheating by using no Host header or ../../../ url 
trickery.

can this be accomplished already? sadly i didn't find anything and i 
remember @janl telling me that vhosts and rewrites aren't meant to be 
security features. why is that so?

my naive thoughts of a secure vhost handling which make proxies obsolete:

* the vhost handler should redirect clients with no Host header to a 
"default" vhost or send a 403/404.

* requests containing (too many) .. or starting with _ in the resource 
should get redirected/404/403ed too.

what other requests can you think of to circumvent the vhost 
handler/rewriter?

are the 2 points above already possible today? please redirect me to docs.

where should i start hacking, when i want to implement them myself?

is anyone willing to implement them for me (or see how far she gets) in 
10h = 100eurs? yea, this means i want those points so hard i would throw 
in 10 hours or 100eurs or 100$ to get someone (at least) started on 
them. is this okay or inappropriate here or is there a better place for 
couchdb job offers (maybe the user@ list)?

have fun
martin
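
The two checks proposed in the message above, written out as a standalone filter. This is an added example, not part of the original post and not CouchDB code; `checkRequest`, `decodeSegment`, the `VHOSTS` table and the chosen status codes are hypothetical. It goes slightly beyond the two points by also catching percent-encoded forms of `..` and `_`, which a plain string match would miss.

```javascript
'use strict';

// Constructed sample vhost table (assumption: exact-match host names).
const VHOSTS = new Set(['shop.example.org', 'blog.example.org']);

// Decode one path segment exactly once. Returns null when the escape is
// malformed or when an escape survives decoding (double encoding).
function decodeSegment(seg) {
  let out;
  try {
    out = decodeURIComponent(seg);
  } catch (e) {
    return null; // e.g. "%zz"
  }
  return /%[0-9a-fA-F]{2}/.test(out) ? null : out;
}

// Returns the status the filter would answer with:
// 200 = hand over to the vhost handler, 400/403/404 = refuse.
// `headers` is assumed to use lower-cased header names.
function checkRequest(headers, rawPath, vhosts = VHOSTS) {
  // Point 1: no Host header, or a Host that matches no vhost, never
  // falls through to the bare server.
  const host = (headers.host || '').toLowerCase().replace(/:\d+$/, '');
  if (!host || !vhosts.has(host)) return 404;

  const path = rawPath.split('?')[0];
  if (!path.startsWith('/')) return 400;

  // Point 2: inspect every segment after decoding, so "%2e%2e" and
  // "%5futils" are treated like ".." and "_utils".
  for (const raw of path.split('/').slice(1)) {
    const seg = decodeSegment(raw);
    if (seg === null) return 400;
    // A decoded separator would change the segment structure downstream.
    if (/[\/\\\0]/.test(seg)) return 400;
    if (seg === '..') return 403;
    if (seg.startsWith('_')) return 403;
  }
  return 200;
}
```

Rejecting every segment that starts with `_` is the strict reading of the second point; a real deployment would need an explicit allow-list for any underscore paths the app itself relies on.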