Hm, not without a code change, I think. The secure rewrites setting is to prevent a rewrite jumping between databases. At first glance it does seem an overreach to block a rewrite to _session (and presumably anything else at the top level).
B. On 20 March 2013 12:13, Anthony Ananich <[email protected]> wrote: > Hi! > > I'm trying to make _session handler accessible via url like > http://mysite.com/_session while using rewrite rules. I get the > following error: > {"error":"insecure_rewrite_rule","reason":"too many ../.. segments"} > > I found that it could be fixed with adding this to an ini file: > [httpd] > secure_rewrites = false > > Is there a way to allow _session without disabling secure_rewrites? > > Thanks, > Anthony
