Recent Posts

1

HFS ~ HTTP File Server / Re: HFS v2.x security update By DANNY

« Last post by danny on Today at 05:18:13 PM »

Enjoy summer break!  Perfect timing.  I need to hunt for a better job this season.  HFS is doing fine because there's nothing to fix other than keeping ahead of new browser changes. 

The development/lite version finally showed the progress it was made for--At version 2XF, features can be added to it and it will still run stable.  Thanks for the advice on WinMerge, to analyze differences.  Very helpful!   

2

HFS ~ HTTP File Server / Taking a summer break...

« Last post by LeoNeeson on Today at 02:10:16 PM »

I like the idea in Leo's patch because it is data validation.

Sorry, but I won’t be doing anything related to HFS for a few months, until further notice. Summer is approaching where I live, and as I did last year I’m taking some time off to disconnect from everything. Please carry on without me, Danny and everyone else, since I will not be checking or replying to private messages either.

Take care and rest a bit — this year was tough for me.
Best regards,
Leo.-

3

HFS ~ HTTP File Server / Re: update

« Last post by danny on Yesterday at 01:14:28 PM »

I like the idea in Leo's patch because it is data validation.  For sure development with HFS2x will need to add data validation and input validation, mainly because the internet is so different today than it was in the early 2000's when most of the features were introduced.  The fact that browsers are also different, just pales in comparison to the change of connecting a server to a very different internet.  So, when the foundation is not level, adding some validation really helps.  I've been adding a little input validation and update for mobile browsers.

So far, I think there wasn't a speed increase; but for sure, more stability/durability has made a capacity increase. 

4

Everything else / Saying Hi again :)

« Last post by NaitLee on November 10, 2025, 02:09:34 PM »

I'm saying Hi again

If you have ever concerned: I'm living well and happily coding. I'm mostly active on Codeberg: https://codeberg.org/NaitLee

This time I didn't bring an HFS template (or plugin), but my own specialized servers:

• omnisrv: For serving sites based on markdown files. Static or dynamic site? You choose!
  
• servezip: For serving content directly from zip files. Also demonstrates gocryptfs support with fscrypt in "fscrypt" branch.
  
• mfs: Minimal and performant server for media files. Supports anti-leech, though no advanced features like uploading or rate-limiting.
  

They are still in early stage, and should be compiled from source. And they are for using in commandline, not as user-friendly as HFS.

In case you are wondering: I don't oppose modern web frameworks, as used in HFS 3. I personally use web frameworks in some projects too (some of them are not published though). I prefer using Qwik (v2 with Bun) and Fresh.

Here's my personal site you can play with: https://unseen-site.fun/ 
At the moment, it's powered by Qwik. I will switch to omnisrv in later days.

Thanks HFS (both v2 and v3) for telling me how a web server should work, on both backend and frontend. 
And thanks everyone on the forum again, I have learned many things in the old days.

I may stay inactive here as I'm also focusing on system tools and game/GPU programming. 
(a few of these efforts can be discovered in my codeberg or github contributions)

Cheers,
Nait

5

HFS ~ HTTP File Server / Re: update

« Last post by LeoNeeson on November 05, 2025, 04:32:46 PM »

Recently, my server withstood a 2 day ddos attack.  And the good news:  Leo wrote a stability patch which kept HFS on track during edge-conditions where it could go to 0 bandwidth.  But, there was No problem.  Thank you Leo!! 

Thanks, I appreciate the recognition...


Yeah, my ‘minor contribution’ actually involved quite a few hours of debugging issues that came from your recent changes. I haven’t published any patch here, since my fixes weren’t too relevant for the original HFS sources, only for your custom fork. Glad to hear it worked well for your version of HFS though.

As long as it makes you happy (and your server runs faster), that’s cool.

6

HFS ~ HTTP File Server / update

« Last post by danny on November 04, 2025, 03:25:41 PM »

Nice results from the October/November 2025 updates: 

Recently, my server withstood a 2 day ddos attack.  And the good news:  Leo wrote a stability patch which kept HFS on track during edge-conditions where it could go to 0 bandwidth.  But, there was No problem.  Thank you Leo!! 

Also I had made an edit so that HFS did not exit from attempting to update the screen two different ways at the same time.  Leo's patch and my little edit, work together to help the server stay on track during high load. 


P.S.  Bonus method to reduce bot annoyance:  You can require your access url (such as your dynamic dns).  It goes in an HFS events entry (control+F6).  Don't specify a port if it is 80.  Here is a whitelist example by naitlee.  I like it!

Code: [Select]

[+request]
{.if|{.and|
{.!=|{.header|Host.}|localhost:8080.}|
{.!=|{.header|Host.}|127.0.0.1:8080.}|
{.!=|{.header|Host.}|mydomain.com.}|
{.!=|{.header|Host.}|mydomain.com:8080.}
.}|{:{.disconnect.}:}.}Similar to Apache's htaccess file, you can find many features by searching for hfs events on the forum.

7

HFS ~ HTTP File Server / HFS v2.4, and security update By DANNY

« Last post by danny on August 09, 2025, 02:58:45 AM »

Thanks Leo!   A lot of your suggestions were incorporated into these new versions.  I really would have been lost without your help with it. 
I do like the idea of supporting the many installs of HFS2x, by providing an option for stable and secure.

And now we have the HFS2.4 template, able to run on our stable and secure version of HFS 2.3
Contributors:  Rejetto, DJ, Rapid, NaitLee, Mars, LeoNeeson, SilentPliz, Danny, Bmartino

Large Folder Capable!  No Slow Paging!   It streams the file list no matter how many files. 
It has HFS native upload pages, browser native icons and native javascript, all for going fast and stable.

Consider this an HFS2.3 > 2.4 adapter, because most of the work in 2.4 was the template itself.
*the template is in the zip files with security-patched HFS from http://software.run.place

8

HTML & templates / Re: The Throwback (retro) template. With large folder and mobile support.

« Last post by danny on July 31, 2025, 09:43:19 PM »

New versions of Throwback are included in the .zip file with the security-patched editions of HFS.
https://rejetto.com/forum/index.php?topic=13703.0

9

HFS ~ HTTP File Server / Re: HFS2.x security update 'p5', yeah, here we go again...

« Last post by LeoNeeson on July 31, 2025, 04:22:45 AM »

Subject: Re: HFS2.x security update 'p5' on suggestion from forum admin
The suggestion that I got, was (paraphrase):  Disable the .exec macro, to help folks sleep better at night. 

Wait a second... a private message from the forum admin?!  (Rejetto) I demand proof, screenshots, and maybe even a signed affidavit from Rejetto himself! Jokes aside, I actually agree that disabling the .exec macro makes sense if it helps you sleep better at night.

These are new 2025 community editions built from a cleaned-up and stable version of HFS.

Just as a side note on your mention about a “community-edition of HFS”, I wanted to clarify something I’ve said in the past. The idea of creating a true community edition was more of a wishful thought on my part, meant to encourage the participation of other professional Delphi developers. In my view, to actually call it a “community edition”, we would need at least three or more experienced developers working together in sync, which, let’s be honest, is very unlikely to happen.

So while your work is valuable and commendable, and I sincerely appreciate your dedication, I believe it’s still more accurate to see it as your own version of HFS, just as Mars once released his own (some spare builds), and others have done too over the years. And if someday I release a version myself, it won’t be a community edition either, it’ll be just my own personal effort, same as yours is now.

Truth is, we’re each working on our own, doing our best to keep HFS alive, and that’s already a big achievement in itself. I just wanted to make that clear, and also to emphasize that in your version, you are entirely free to do whatever you believe is best, regardless of what I or Mars might suggest. That kind of independence is one of the great things about open source.

10

HFS ~ HTTP File Server / HFS2.x security update 'p5' on suggestion from forum admin

« Last post by danny on July 30, 2025, 10:30:16 PM »

The suggestion that I got, was (paraphrase):  Disable the .exec macro, to help folks sleep better at night. 

Although a collection of new filters still prevent macro run from remote... yet it is even more comfortable to know exactly what the .exec macro will do.
So, for "p5" (security patch level 5), the .exec macro function has been changed to make a log entry on-screen, and .exec does nothing else at all.

HFS2.3K_299p5 and HFS2.3N_301p5 are available http://software.run.place

P.S. 
The "K" has tighter timings ideal with the faster templates like throwback and stripes, or
The "N" has the language feature and longer timings to tolerate feature-filled templates.
These new 2025 editions are built from a cleaned-up and stable version of HFS.
Edit:  Now we might want to try for a community edition.