Sorry for taking so long to reply. Been very busy couple of weeks and things that required a bit of thought or looked a but complicated have been falling through the cracks.
On 15 February 2011 04:11, bc <[email protected]> wrote: > I'm using wsgi.file_wrapper to serve secured media in the context of > wsgi (the important part being that wsgi can run as a different user). > I notice in the mod_rewrite logs that when I do this, the file path > passes through apache as a subrequest with the wsgi mount point > stripped off. The mod_wsgi implementation of wsgi.file_wrapper does not issue a subrequest and so mod_rewrite should not be getting triggered for a sub request due to that. All I can say is that it is likely mod_rewrite just doing something odd in fixup phase just before mod_wsgi content handler is run. What do you see of a request where wsgi.file_wrapper isn't being used? Graham > That is, if the original request is /wsgiscriptalias/securedOne/ > foo.gif, there's a wsgi script alias of /wsgiscriptalias, and I return > file_wrapper of securedOne/foo.gif, I see a subrequest of /securedOne/ > foo.gif passing through mod_rewrite. > > I find this a bit weird, since the uri isn't really "valid", in the > sense that it doesn't match any configured directory or location in > apache. mod_rewrite logs it passing through, like so: > > [perdir /var/www/html/] pass through /var/www/html/securedOne > > which doesn't exist. Then mod_wsgi serves the file. > > I'm a bit concerned about security (not knowing what kind of weird uri > manipulations might be possible here, and how it interacts with apache > security), though in one way it's working in my favor: if the uri came > through in the original form, it might cause a loop, dispatching the > url to wsgi again, creating another subrequest, then to mod_rewrite, > etc., etc. > > I'm wondering if this is again related to SCRIPT_NAME problems with > mod_rewrite. > > Also wondering what it's *supposed* to be doing when it travels > through apache as a subrequest, i.e. how is it supposed to be a valid > uri w/o causing a loop? -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/modwsgi?hl=en.
