rejetto forum

Software => HFS ~ HTTP File Server => HTML & templates => Topic started by: flakerwaker on July 30, 2018, 05:06:13 AM

Title: URL Forwarding Question
Post by: flakerwaker on July 30, 2018, 05:06:13 AM
sorry guys, i tried searching the wiki and troubleshooting to the best of my knowledge but at this point i'm pulling my hair out.. basically i'm just trying to prevent the template i'm using (thunderchicken) from showing my WAN IP address to anyone who accesses along with the port "8080".. this is obviously not good security practice regardless of whether or not i'm running it on a spare PC or otherwise.. if anyone can suggest another template that might be similar enough to that one that doesn't show the IP and port number then i'm also open to that for a quick solution.

i've just been using this as a resource for my band to swap files back and forth with, and until recently it had only been myself and the drummer, so now that i have a few other people coming to the site i'd just feel a lot more comfortable if that info could be hidden somehow.. i like the thunder chicken template it works well for my needs.. i have it setup very basic using URL forwarding with my domain provider.. could anyone tell me how to hide this stuff on the template? i'm not a CSS pro, but most of the time i'm able to figure little things out.. the template seems easy enough and self explanatory too but i never found anything to tell it NOT to show the IP and port number..

thanks you guys, i've read this forum a lot and seen how hard some of you work to help people, it would be nice to see this software go more commercial because a couple of you deserve very high paying jobs imo! (leoneeson and bmartino to name a few)
Title: Re: URL Forwarding Question
Post by: rejetto on July 30, 2018, 08:46:55 AM
welcome!
"hiding" the IP that way is a matter of convenience and aesthetic, not security. Indeed, that's only about not being displayed directly, but anyone who wants to get the ip can. To go this way you have to use the "dynamic dns" feature.
Hiding the port is almost pointless. When you "don't see the port", it's because it's the default one (80). It's just nicer.

To really conceal an IP you should consider other means, but i'm not an expert and cannot advice. Maybe TOR may help you, not sure. https://meta.wikimedia.org/wiki/Special:Mylanguage/Grants:IdeaLab/Inspire/en
Title: Re: URL Forwarding Question
Post by: flakerwaker on July 31, 2018, 03:29:44 AM
my apologies if I'm not completely clear on what you mean.. if the IP address isn't as much of a security risk as just the way it looks then can you tell me how to make it disappear? is this something that has to be written (or erased?) within the template or CSS file?
Title: Re: URL Forwarding Question
Post by: bmartino1 on July 31, 2018, 04:47:37 AM
It's in thunder chicken of glore code, look for IP.

What rejeto is saying In Regards to security/ IP being displayed... is that if i visit the site, and get to your webpage, I can get the IP address regardless if it is displayed via the template or not.
Title: Re: URL Forwarding Question
Post by: LeoNeeson on August 02, 2018, 07:25:44 AM
@flakerwaker: Exactly, as Rejetto said, you can get the IP of every domain (any Hostname to IP address tool (http://www.hcidata.info/host2ip.htm) could do it), so it's almost pointless try to hide it. But depending on the type of visitors you have, there are several options you could try:

- The most cheap, easy and recommended solution (a little amateur, but initially does what you want), is opening an account on some free hosting, and use an iFrame (https://www.w3schools.com/tags/tag_iframe.asp) pointing to your HFS server IP (but your IP will be still shown when a download starts, so, it's only something visual and not true secure, although it can server you purpose). It was previously cited on the forum, here (http://rejetto.com/forum/index.php?topic=6873.0).

- The most secure option you can use, is using HFS along with some CDN optimization service (that works similar to a tunnel service), being Cloudflare (https://www.cloudflare.com/) the most popular. This way, if some bad user wants to know you IP, it will only get the IP of Cloudflare. But you have to configure HFS to restrict the access from all other IPs, and only allow the IP range of Cloudflare (if you don't do this, some old user can bypass Cloudflare and go directly to your IP if he already knows it). Get this working is not an easy task, at least for me to explain, but Cloudflare is free to use. Keep in mind that all your data passes trough Cloudflare servers (since it follows this path: your HFS Server > Cloudflare Servers > The final visitor), so, if you share sensitive or private information, this is not recommended (since Cloudflare could cache your information). You can also use CloudFlare for Dynamic DNS, as been described here (https://www.thatstevensguy.com/lifestyle/use-cloudflare-for-dynamic-dns-on-windows/).

- Another option, but not free to use, is using a tunnel service like PageKite (https://pagekite.net/) and ngrok (https://ngrok.com/) (it almost works the very much the same as Cloudflare). It can be easier to configure than Cloudflare (since you don't have to open ports), but you have to pay something depending on how much bandwidth you use monthly. Like using Cloudflare, all the transferred data passes trough PageKite or ngrok servers, since that's they way they protect your IP (it works like some kind of proxy, if you understand how they work).

- The final option, is to install the now discontinued PeerBlock (http://www.peerblock.com/) (download here (https://www.iblocklist.com/files/PeerBlock-Setup_v1.1+_r691.exe)) which restrict and limit the visitors IP to a specific country (https://www.iblocklist.com/lists?category=country) (or to a specific IP range, if you know your visitor's IP range), but this will not hide your IP. This is a little aggressive way, since you can block some good users, and this is not an option if you have visitors from all around the world (although it can be useful if you want to use it along with Cloudflare to have a perfectly secure server).

I'm not an expert, so take this as your start point, since you have to figure out by yourself how to configure all the things. Like Rejetto also said, TOR could be help (using .onion address, but using that your visitors will also need to use TOR to download files from you). A related question about hiding the server IP, was done before here (http://rejetto.com/forum/index.php?topic=11807.0). And correct me if I'm wrong, but I think there is no template (or CSS code) that can make your IP address disappear (that doesn't exist).

thanks you guys, i've read this forum a lot and seen how hard some of you work to help people, it would be nice to see this software go more commercial because a couple of you deserve very high paying jobs imo! (leoneeson and bmartino to name a few)
Thanks for the acknowledgement, but all the credit goes to Rejetto, since without him, HFS and this forum would not exist (and also deserve a special mention the rest of the community which participate here everyday). Like I've said several times, my contribution here is my way to donate to Rejetto for his amazing software (anyway, I'm always open to new job opportunities, just joking... :D).

Cheers,
Leo.-