Ah, sure, that makes sense :)
On 20 March 2013 12:26, Anthony Ananich <[email protected]> wrote: > I think I've found an answer. It seems that while using vhost > /_session handler is available in the root of vhost independent on if > there are any rewrite rules or not. > > I was not able to find any documentation about that, so I'm not sure > if it is bug or feature :) > > On Wed, Mar 20, 2013 at 3:18 PM, Robert Newson <[email protected]> wrote: >> Hm, not without a code change, I think. The secure rewrites setting is >> to prevent a rewrite jumping between databases. At first glance it >> does seem an overreach to block a rewrite to _session (and presumably >> anything else at the top level). >> >> B. >> >> On 20 March 2013 12:13, Anthony Ananich <[email protected]> wrote: >>> Hi! >>> >>> I'm trying to make _session handler accessible via url like >>> http://mysite.com/_session while using rewrite rules. I get the >>> following error: >>> {"error":"insecure_rewrite_rule","reason":"too many ../.. segments"} >>> >>> I found that it could be fixed with adding this to an ini file: >>> [httpd] >>> secure_rewrites = false >>> >>> Is there a way to allow _session without disabling secure_rewrites? >>> >>> Thanks, >>> Anthony
