1
HFS ~ HTTP File Server / Re: Warning: HFS v2.x has a severe vulnerability
« on: October 09, 2024, 05:46:19 PM »
Thank you very much for the clarification. I hope it can be resolved soon.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Your best option is to allow not * but just the IPs of cloudflare.
You can learn how to enter a filter different than * with this guide: https://www.rejetto.com/wiki/index.php/HFS:_IP_masks
Method 2) there's a scripting command to modify configuration via scripting. So as you can go Menu > Debug > Run script
and there run this small script
{.set ini|forwarded-mask=*.}
Method 1) you'll edit the hfs.ini with notepad. Be sure first to quit HFS first.
so, HFS already supports reverse-proxy but by default it's limited to localhost for security reasons.
ciao Sergio,
ot may help to know what you did to configure HFS for cloudflare.
I've never used cloudflare myself, so i hope someone could help you.
<head>
{.add to log| request
Cloudflare IP : %ip%
CF-Connecting-IP : {.header|CF-Connecting-IP.}
X-Forwarded-For : {.header|X-Forwarded-For.}
.}
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>{.!HFS.} %folder%</title>
<link rel="stylesheet" href="/?mode=section&id=style.css" type="text/css">
<script type="text/javascript" src="/?mode=jquery"></script>
<link rel="shortcut icon" href="/favicon.ico">
<style class='trash-me'>
.onlyscript, button[onclick] { display:none; }
</style>
<script>
// this object will store some %symbols% in the javascript space, so that libs can read them
HFS = { folder:'{.js encode|%folder%.}', number:%number%, paged:{.!option.paged.} };
</script>
<script type="text/javascript" src="/?mode=section&id=lib.js"></script>
</head>