You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@couchdb.apache.org by Aurélien Bénel <au...@utt.fr> on 2010/11/24 16:35:04 UTC

Accessing _utils scripts with reverse proxy and _rewrite?

Hi there,

We have a functional CouchApp on CouchOne Hosting. We set up a Cherokee reverse proxy in order to skip the  "/mydb/_design/mysoftware/_rewrite" part of URLs.

When we did that we realized that we forgot to rewrite one URL: "/_utils/script/couch.js".

Then we added the following rewrite rule: {
    "from": "script/:script",
    "to": "../../../_utils/script/:script"
  }

We got : {"error":"insecure_rewrite_rule","reason":"too many ../.. segments"} 

The configuration cannot be changed on CouchOne hosting, and it is probably true that giving access to "_utils" could be harmful. Is there another way to access those scripts than copying scripts in the database scope or setting up the rewrite rule directly into Cherokee?


Regards,

Aurélien

Re: Accessing _utils scripts with reverse proxy and _rewrite?

Posted by Aurélien Bénel <au...@utt.fr>.

> You can set the secure_rewrites setting to false.


Thank you, Jan. 

What are the best practices to reduce security risks then?
To have very specific rewrite rules?


Regards,

Aurélien

Re: Accessing _utils scripts with reverse proxy and _rewrite?

Posted by Jan Lehnardt <ja...@apache.org>.

On 24 Nov 2010, at 16:35, Aurélien Bénel wrote:

> Hi there,
> 
> We have a functional CouchApp on CouchOne Hosting. We set up a Cherokee reverse proxy in order to skip the  "/mydb/_design/mysoftware/_rewrite" part of URLs.
> 
> When we did that we realized that we forgot to rewrite one URL: "/_utils/script/couch.js".
> 
> Then we added the following rewrite rule: {
>    "from": "script/:script",
>    "to": "../../../_utils/script/:script"
>  }
> 
> We got : {"error":"insecure_rewrite_rule","reason":"too many ../.. segments"} 

You can set the secure_rewrites setting to false.

Cheers
Jan
-- 


> 
> The configuration cannot be changed on CouchOne hosting, and it is probably true that giving access to "_utils" could be harmful. Is there another way to access those scripts than copying scripts in the database scope or setting up the rewrite rule directly into Cherokee?
> 
> 
> Regards,
> 
> Aurélien

Re: Accessing _utils scripts with reverse proxy and _rewrite?

Posted by Aurélien Bénel <au...@utt.fr>.

> You can use the port 5984 to access your couchone with rewriting disabled.


Nice to know that, Quentin. However I don't understand how this would solve my problem...

What I would like would be to rewrite:	/mydb/_design/mysoftware/_rewrite/script/couch.js
into:		/_utils/script/couch.js

So that I could get it with http://myreverseproxy/script/couch.js

The idea is that the same app would work:
- directly on CouchOne (with complete _rewrite URLs),
- on CouchOne via a reverse proxy (with short URLs),
- on non routable servers via a reverse proxy. 

We're very close to that... This is the last URL that doesn't work.

If there is no solution for that in CouchDB we'll do that on Cherokee's reverse proxy.


Regards,

Aurélien 

------------------
> Hi there,
> 
> We have a functional CouchApp on CouchOne Hosting. We set up a Cherokee
> reverse proxy in order to skip the  "/mydb/_design/mysoftware/_rewrite" part
> of URLs.
> 
> When we did that we realized that we forgot to rewrite one URL:
> "/_utils/script/couch.js".
> 
> Then we added the following rewrite rule: {
>   "from": "script/:script",
>   "to": "../../../_utils/script/:script"
> }
> 
> We got : {"error":"insecure_rewrite_rule","reason":"too many ../..
> segments"}
> 
> The configuration cannot be changed on CouchOne hosting, and it is probably
> true that giving access to "_utils" could be harmful. Is there another way
> to access those scripts than copying scripts in the database scope or
> setting up the rewrite rule directly into Cherokee?
> 
> 
> Regards,
> 
> Aurélien

Re: Accessing _utils scripts with reverse proxy and _rewrite?

Posted by Quentin Pradet <qu...@gmail.com>.

Hi,

You can use the port 5984 to access your couchone with rewriting disabled.

On Wed, Nov 24, 2010 at 4:35 PM, Aurélien Bénel <au...@utt.fr>wrote:

> Hi there,
>
> We have a functional CouchApp on CouchOne Hosting. We set up a Cherokee
> reverse proxy in order to skip the  "/mydb/_design/mysoftware/_rewrite" part
> of URLs.
>
> When we did that we realized that we forgot to rewrite one URL:
> "/_utils/script/couch.js".
>
> Then we added the following rewrite rule: {
>    "from": "script/:script",
>    "to": "../../../_utils/script/:script"
>  }
>
> We got : {"error":"insecure_rewrite_rule","reason":"too many ../..
> segments"}
>
> The configuration cannot be changed on CouchOne hosting, and it is probably
> true that giving access to "_utils" could be harmful. Is there another way
> to access those scripts than copying scripts in the database scope or
> setting up the rewrite rule directly into Cherokee?
>
>
> Regards,
>
> Aurélien