I'm using wsgi.file_wrapper to serve secured media in the context of wsgi (the important part being that wsgi can run as a different user). I notice in the mod_rewrite logs that when I do this, the file path passes through apache as a subrequest with the wsgi mount point stripped off.
That is, if the original request is /wsgiscriptalias/securedOne/ foo.gif, there's a wsgi script alias of /wsgiscriptalias, and I return file_wrapper of securedOne/foo.gif, I see a subrequest of /securedOne/ foo.gif passing through mod_rewrite. I find this a bit weird, since the uri isn't really "valid", in the sense that it doesn't match any configured directory or location in apache. mod_rewrite logs it passing through, like so: [perdir /var/www/html/] pass through /var/www/html/securedOne which doesn't exist. Then mod_wsgi serves the file. I'm a bit concerned about security (not knowing what kind of weird uri manipulations might be possible here, and how it interacts with apache security), though in one way it's working in my favor: if the uri came through in the original form, it might cause a loop, dispatching the url to wsgi again, creating another subrequest, then to mod_rewrite, etc., etc. I'm wondering if this is again related to SCRIPT_NAME problems with mod_rewrite. Also wondering what it's *supposed* to be doing when it travels through apache as a subrequest, i.e. how is it supposed to be a valid uri w/o causing a loop? -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/modwsgi?hl=en.
