rejetto forum

Software => HFS ~ HTTP File Server => router & port problems => Topic started by: Rom_1983 on April 21, 2022, 06:56:18 PM

Title: Routing system, or several roots for several websites ?
Post by: Rom_1983 on April 21, 2022, 06:56:18 PM
Edit (2022-04-29) : /!\ DO NOT USE THE PYTHON SCRIPT PROVIDED BY @NAITLEE, UNTIL MORE ARE INVESTIGATED IN THE SECURITY OF THE SCRIPT AND THIS WARNING HAS BEEN REMOVED /!\


Hello,

I have set several aliases in DUCKDNS.ORG, like :

all pointing to my home IP address. They are intended to be public websites.

In HFS, I have REAL folders for each of them :

/
|-- project1
|-- project2

PROBLEM

When I share the URLs, they are like :


Code:
project1.duckdns.org/project1
project2.duckdns.org/project2


and this is ugly.

This is even worse if I store the REAL folders in a parent "empty" folder :

/
|-- public_websites /
                                   |-- project1
                                   |-- project2

which leads to URLs like :

Code:
project1.duckdns.org/public_websites/project1
project2.duckdns.org/public_websites/project2


REQUEST

I would like them to be just project1.duckdns.org and project2.duckdns.org, pointing to the REAL FOLDERS whatever the position in the VFS tree.
For this, I see two solutions.

SOLUTION 1 : A ROUTING SYSTEM

This is basically what's called "URL rewriting".

HFS should provide a way to detect the URL typed, and LINK IT (not redirect !) to REAL FOLDERS, as junctions (in Windows) or hard links (in LINUX) redirect resources of a hard disk.
One way to achieve this would be to right-click on folders, set the URL, allowing us to type "/" in order for HFS to "reroute" the "/" root to those resources, depending on a certain hostname detected.
There's already a macro to detect the important part of the URL :

Code:
{.header|host.}
But I don't see what to do with it in the DIFF TEMPLATE of the "/" node.  :-[

SOLUTION 2 : SEVERAL ROOTS

HFS should provide several roots ("/") in several UI, like if it was hosting different websites.



If there is already a solution, I would be excited to hear it because I'm actually desperate. DYNDNS doesn't offer a way to set an IP + a route as a suffix, like "/public_websites/project1", which would help to translate project1.duckdns.org into something like 70.56.33.81/public_websites/project1 and transmit the request, thus allowing HFS to directly receive and interpret the "/public_websites/project1" route but still leaving it hidden to the user in his browser.

Title: Re: Routing system, or several roots for several websites ?
Post by: NaitLee on April 22, 2022, 06:34:51 AM
Hi,

I've tried event script but didn't find a way either...

Once I'm thinking about a "middleware" for HFS 2 to enhance it in a flexible way.

Though I didn't do it earlier, today I took some time to investigate such thing, and by the way did what you may want: "virtual host" :D

I put my work in attachment, if you can do command line & installed Python >= 3.8 (https://www.python.org/), it's very easy to get started.

- Install Python, if not yet there
- Extract to somewhere, if on Windows, right-click while pressing Shift, open CMD or PowerShell.
- Inside invoke middle.py, let's say you want the middleware be at port 80, and let HFS 2 listen 8080:
  py middle.py -p 80 -q 8080 -v project1.duckdns.org,/public_websites/project1 project2.duckdns.org,/public_websites/project2
  (you can put this content in file start.bat and start it by double-clicking later)
- Now go to http://127.0.0.1:80/ and see if it works. (Note: now visitors should use port 80 rather than 8080)

There are also parameter -b and -d to listen other addresses. For more help use -h.
That means you can middleware HFS on another computer.

There are also some drawbacks, for example (currently) slower, and HFS sometimes exposes an absolute link that has the "true" path (though still can't access "true" root directory).

This is not yet considered a "project". Further development not guaranteed...
But fixes in short term is accepted :)
Title: Re: Routing system, or several roots for several websites ?
Post by: Rom_1983 on April 22, 2022, 12:32:00 PM
Hello @NaitLee,

First of all, if you programmed this right after having read my topic, I want to thank you for your kindness and professionalism 😦. I like seeing developers devoted to improving things, that's a great quality in a world often ruled by ignorance and contempt where users are always seen like importunate beggars. A big congratulation 👍

Now, I'm a bit distrustful concerning a program shared on Internet, that could be malicious, so I want to check the code before executing it (it will take me some hours, although the script doesn't seem too long).  That said, it seems interesting since it gives users the full control about the redirection, independently from the DYNDNS providers : no extra accounts connections nor profile tweaking, and that's great !

I've read carefully what you wrote and I have a few questions :

1 - Will the use of the :80 port affect other programs running like CADDY SERVER, which could use this port ? What I suspect is : I have several CADDY servers bound to various local URLs with the :80 port, and if your script doesn't filter the entering URL requested through port :80, I don't see how your script and servers like CADDY could coexist if your script blindly redirects anything entering through the :80 port.
2 - Is the -b parameter dedicated to that purpose ?
3 - I don't understand the difference between -b and -d : does the first one give the possibility to analyze the IP requesting, or to route to another computer ? In the second case, HFS should be on that computer, and I don't see why we should specify the HFS location with -d.
4 - What do you mean by "and HFS sometimes exposes an absolute link that have the "true" path" ?

Also, we need to be sure that :
5 - Is the IP "mask" (ex : project1.duckdns.org) chunked with what is added after it by the webusers requests ? Ex : will the request "project1.duckdns.org/stuff/thing.html" be recomposed in "project1.duckdns.org/public_websites/project1/stuff/thing.html" locally ?

Title: Re: Routing system, or several roots for several websites ?
Post by: rejetto on April 22, 2022, 02:21:30 PM
just  a side comment,
I suspect that I can make quite easily such feature in HFS 3, to serve multiple domains each with its folder. Maybe even as a plugin. I'm taking note and will try soon. That would be cool.
I'm in a rush now and cannot study the solution made by NaitLee for HFS 2, but kudos anyway.
that said, HFS is not designed for serving static websites, it's just a secondary feature, so it's good only for simple cases.
Title: Re: Routing system, or several roots for several websites ?
Post by: Rom_1983 on April 22, 2022, 05:04:46 PM
Quote
I'm taking note and will try soon. That would be cool.
Woohooooo  ;D

@NaitLee : I don't succeed in using your commandline. I got these error messages in my CMD :

Code:
192.168.1.1 - - [22/Apr/2022 18:58:39] "GET / HTTP/1.1" 400 -
192.168.1.1 - - [22/Apr/2022 18:58:48] "GET / HTTP/1.1" 400 -
162.221.192.90 - - [22/Apr/2022 19:00:52] "GET / HTTP/1.1" 200 -
192.168.1.1 - - [22/Apr/2022 19:02:42] "GET / HTTP/1.1" 400 -

The 19:00:52 strange IP address correspond to this in HFS (the only entry appearing in it) :
Code:
19:00:52 192.168.1.1:55200 Requested GET /
192.168.1.1 is my box/router.

EDIT :
162.221.192.90 is an IP from Dallas, Texas, attributed to Zenlayer : https://www.lookip.net/ip/162.221.192.90
The port 55200 has been known for being used by XSAN : https://www.adminsub.net/tcp-udp-port-finder/55200 , https://en.wikipedia.org/wiki/Xsan
This is not duckdns, located in Canada : https://www.ip-lookup.org/location/duckdns.org
Many abuse reported from this IP : https://www.abuseipdb.com/check/162.221.192.90

WTF ?

Edit (02.24AM) :

I'm still attacked, with PHP injections now (see attachment). I find suspicious that the day someone gives me a Python script, someone attempts to hack me. 🚨
I have several enemies due to my Twitch channel, and was aware since I announced the creation of my website two weeks ago, but anyway, I find this surprising.
@rejetto : can you check the script please ?


Title: Re: Routing system, or several roots for several websites ?
Post by: hanshenrik on April 23, 2022, 12:04:14 AM
i suppose you could use different ports for it, running project1 on port 1001 project2 on port 1002 project3 on port 1003 etc



buuut maybe your needs exceeds HFS2's capabilities
Title: Re: Routing system, or several roots for several websites ?
Post by: NaitLee on April 23, 2022, 08:54:38 AM
First that sorry for the inconvenience, I didn't expect that it's a big trouble for big-scale users.
One thing to clarify is, I wrote the Python script all by sincere and no malicious thing. I'll never fault anyone.
Some common points were concerned but one is missing: the "Server" HTTP header.
The script did nothing to it, and Python BaseHTTP keeps its default: Python/<version> BaseHTTP/<version>
This way bad bots could identify that and trying to exploit it with their "common sense" in brute. But of course it will never work except taking network traffic.
To change it is easy. But in your case it's still not so well: the big-scale use case nature is somewhat out of my scope :-[
To filter these spikes is also possible, though needs extra work.

For now under class MiddlewareHandler put these:
Code:
    def send_response(self, code, message=None):
        self.log_request(code)
        self.send_response_only(code, message)
This removes Server header exposure, by overriding parent class method.
I'll update the code attachment. Please update as it fixes another thing.

You can of course use other port.
The -b is for middleware to "bind" a network address, (ex. "-b 127.0.0.1" for only listening to localhost (that is, only your computer could access it), and any other.)
The "opposite" -d is to tell "where is HFS". Default to localhost.
Same applies to "-p" for middleware to use a port and "-q" to tell what is HFS port.

Answers:
1. Maybe yes. But you can use other ports freely with -p parameter
2. See above. You can know more about "address binding" from internet
3. Also see above. Don't take pressure, the difference is just "letter direction" and "whether middleware or HFS"
4. Ex. with HFS 2.4 default template you can see the directory "breadcrumbs" still contains "project1" etc, even though proxied.
5. Yes!
Title: Re: Routing system, or several roots for several websites ?
Post by: NaitLee on April 23, 2022, 09:18:35 AM
For the attack:
- Not me! My local network/Internet service (provider) structure doesn't even allow such kind of public access.
- Nothing except the IP address is meaningful for analysis.
  So just block/ban the address, in HFS or System (Windows) Firewall.
  An "if" condition in this middleware can also do it.
Code:
    def do_whatever(self):
        'Just proxy through'
        if self.client_address[0] in ('162.221.192.90', ): # you can add more
            return
        host = self.headers.get('Host')
        # ...

EDIT: I see crack/attack prevention a good/interesting point to discover. I would like to try to do it and see if it would work well.
Middleware could see what's going on, and we can analyze things inside.
Title: Re: Routing system, or several roots for several websites ?
Post by: Rom_1983 on April 23, 2022, 12:27:49 PM
Quote
One thing to clarify is, I wrote the Python script all by sincere and no malicious thing. I'll never fault anyone.
I want to believe you, I'm thinking about a hasardous coincidence. :) I have banned the IPs through my Windows firewall.

Quote
The -b is for middleware to "bind" a network address, (ex. "-b 127.0.0.1" for only listening to localhost
Ok but how could our computer "listen to" to another computer's requests like if the script was running on it ? That seems impossible to me. That's why I find this option strange.
AH YES ! I know : maybe to bind to another NIC on the same computer ? That would be useful.

Quote
My thought is different, because what a domain name "hosts" (virtually) which "directory" is totally up to you.
That doesn't answer to my question (or I don't understand). Anyway I can't test it and observe the redirection, because your script doesn't work and I have ERRORS as I said.
My HFS is set to port 8000, I've opened that port on my router (NAT) binded to my PC LAN IP, and I've set "sandwichtv.duckdns.org=sites_publics/sandwichTV" to work with your script (with 127.0.0.1 and 80 / 8000 ports). I have Python v3.9 installed.
I type "http://sandwichtv.duckdns.org" in my browser and this gives me the ERRORS.

Code:
@echo off
start cmd /k py middle.py -p 80 -d 127.0.0.1 -q 8000 -v sandwichtv.duckdns.org,sites_publics/sandwichTV
exit /b
Title: Re: Routing system, or several roots for several websites ?
Post by: NaitLee on April 23, 2022, 01:04:37 PM
Sorry that I've changed something before but forgot to say.  :-[
You need absolute path in middleware -v parameter: (put slash at beginning)

-v folder1,/folder1 folder2,/another/folder2

Paths are still corresponding to HFS virtual dir structure.

I just implemented some banning mechanisms. The script structure is not that good, and I should clean it later.
It prevents some common attack attempts while banning that bad client. While this may be too "violent" for casual curious guys.
Things happened are available in file banlist.txt
You can test it anyway. See attachment. :)
Title: Re: Routing system, or several roots for several websites ?
Post by: Rom_1983 on April 23, 2022, 02:37:27 PM
FINALLY ! It works !  :D Indeed, it was the "/" missing at the beginning.
Congrats for the banning system, it will help to secure things.  I'm actually working on a MS-DOS batch to facilitate adding IPs to a desired rule of the Windows' firewall dedicated to block them.
I'm also working on a batch to automate the use of your Python script, with an INI file and the possibility to set several HFS servers and/or hosts+routes.

I'll keep in touch.

Title: Re: Routing system, or several roots for several websites ?
Post by: Rom_1983 on April 23, 2022, 04:11:04 PM
@naitlee : I sent you a PM regarding a new security problem. Did you receive it ?
Title: Re: Routing system, or several roots for several websites ?
Post by: rejetto on April 26, 2022, 05:45:45 PM
what if i told you i just finished a 15-lines plugin that gives you this.

...HFS 3 of course
Title: Re: Routing system, or several roots for several websites ?
Post by: vladimirov70 on April 26, 2022, 08:56:07 PM
Quote
what if i told you i just finished a 15-lines plugin that gives you this.

...HFS 3 of course
Thanks!
Title: Re: Routing system, or several roots for several websites ?
Post by: vladimirov70 on April 27, 2022, 04:41:13 PM
Two different sites, using only HFS settings.
Menu -Start/Exit -Uncheck "1 instance only".
Launch the first instance of HFS. Menu - IP adress - Put a checkmark in the "Dont include port in URL" box. This will be the first site with an address like http://191.ХХХ.ХХХ.ХХХ.
Launch second HFS instance. Menu - IP adress - Uncheck "Dont include port in URL".
This will be the second site with an address like http://191.ХХХ.ХХХ.ХХХ:8080
I checked it today and it works.
Title: Re: Routing system, or several roots for several websites ?
Post by: NaitLee on April 28, 2022, 05:20:53 AM
Right, one can make several domain names point to the same address but just differ the port.

The drawbacks are a) need to share the port along with address, b) maybe extra work to manage HFS instances & all VFS files

btw HFS url config make no use at how the server works -- it is used only for URL building :)
Title: Re: Routing system, or several roots for several websites ?
Post by: Rom_1983 on April 29, 2022, 03:36:33 PM
About @Naitlee's Python script

- I've had a long discussion with him, because I've been the target of distant hacking attempts every day since the use of the script a few days ago. Attacks by injection like : "192.241.214.230 - - [25/Apr/2022 12:02:33] "GET /actuator/health HTTP/1.1" 404 - or "205.210.31.151 - - [29/Apr/2022 14:33:41] code 400, message Bad request version ('À(À$À\x14À')
↨♣>3¢Æ'M←·1♥¸♥»ù~ Úr–£:ë„>♠  h̶Ì‼À/À+À0À,À◄ÀÀ'À#À‼À    À(À$À¶À" 400 -"

- I don't know if these are worldwide bots or a solo hacker, and I don't know if the requests are made by using my IP with the standard 80 port, or my DYNDNS addresses.
- Naitlee helped to improve the script, but it still isn't enough because I'm constantly hearing Windows10 ERROR sounds (several times per day), and those attackers even managed to trigger my antivirus by trying to use a EK-Mozi threat and 127.0.0.1:8000 hacks. See :
(http://www.8651748351.duckdns.org:8000/_public_host/rejetto_forum/nod32_middlePY.jpg)

- They also try to make my PC to connect to distant servers like "CONNECT google.com:443 HTTP/1.1" 501"

I want to say that to my eyes, the script isn't safe WHATEVER Naitlee will say. He seems too confident and overestimating his capabilities to understand that Python is a dynamic language with a potential impact on the filesystem and operating system, as PHP or any other dynamic language, which is very suspicious to me. Saying me that "Python is compiled and can't be modified at runtime" and that "I don't understand that all the attack are benign and Python is bullet-proof", is to me the last thing that made me decide to write this comment. Python is used for many things including writing files, connecting to websites, etc, so any injection and abuse can make a language unstable and propitious to being diverted. I'm not a Python user, but it seems very unrealistic to say that the core-language could never be reached by any breach opened from the original script, and that all methods from the languages aren't accessible just because of "the compilation process".

(...part removed by rejetto...)

I consider that the escalation of attempts, especially the EK-Mozi threat, gives me the right to do such a temporary conclusion.
Consequently, I prefer to wait for an official solution by rejetto for now.

Official HFS solution

Speaking of which :

Quote
what if i told you i just finished a 15-lines plugin that gives you this.

...HFS 3 of course

@rejetto : very happy to see that you finally did it !
The script developed by Naitlee routes incoming requests by specifying the IP and port we want. And I'm not sure your plugin allows such a precision.
Moreover, I'm not sure that your plugin allows to use several "hosts", you only give a single example.
But I'll try HFS 3 asap to be sure. THANKS A LOT <3 !

About security

I'm asking right now, due to my experience with the routing of Naitlee's script, some future improvement(s) that seem to me necessary to avoid bad surprises :

- A way to whitelist URLs incoming in HFS. If a distant user tries to reach a URL that isn't corresponding to any URLs parent node, thus he'll be blocked.
- Adding all URL of all nodes corresponding to the tree of folders in HFS being tedious, of course the feature must be friendly and allow to accept any sub-url typed (ex : by using a metacharacter like /stuffs/thing/*).

If you feel I'm not very accurate in my suggestion, please understand that I'm not an advanced programmer. I just use my basics to communicate here to help to improve things intelligently (as by "trapping" any malicious user when he types unexpected URLs, without being forcefully exhaustive and bullet-proof ; but we rather do something simple for now than do nothing, and we can count on hackers being stupid by trying to type injection right on the root of URLs we publicly share).
Title: Re: Routing system, or several roots for several websites ?
Post by: LeoNeeson on April 29, 2022, 11:36:25 PM
I'm not defending Naitlee, but I bet this was caused by using Python as 'middleware' server, since you can't trust ANY modern platform nowadays (like Python, Nodejs, React, etc). I'm almost sure Python 'phones-home' your server's IP, and then you get all those unknown attacks (from hackers or some intelligence companies that try to break in your PC). This is a new normal behavior of many modern software (just because most people don't know or care about privacy anymore). The same goes with Windows 10 (which is a BIG security risk, unless you disable all the privacy vulnerabilities that come enabled by default).

Offtopic: On my personal side (not related to this issue), since I'm tired of all those crazy things, I prefer to use old software with old hardware, than using anything modern (for example: an old device with a hardware firewall, along with an old operating system which has a firewall software, adding another layer of security). I haven't tested, but Naitlee's Python script looks clean (at least after doing a fast review), but Python could be the security risk by itself. You can never be paranoid enough in this world...

Marvin was right: "How many times have I told you? They switch the flip and you're done". ;D

» See here: https://youtu.be/6HXgPGZcXe4?t=120

@NaitLee: I've read your comment on the other thread (https://rejetto.com/forum/index.php?topic=13537.msg1067428#msg1067428), and please don't feel offended (do what you want, but don't leave the forum just for this). Since you are young, you should know that those situations happen from time to time. Some years ago, a user named 'Danny', freaked out because something similar happened to him, but then he found out that he was mistaken, and everything was solved. Running an internet server is not for everyone (it's not an easy task as it seems), at least unless you know the inherited risks of having a PC open to the internet. Peace to everyone... :)

Cheers,
Leo.-
Title: Re: Routing system, or several roots for several websites ?
Post by: rejetto on April 30, 2022, 09:41:19 AM
hi guys,
I don't like to be the moderator here, but I'll take some precautions to lessen unnecessary sufferings.
My personal opinion here is that both Rom and NaitLee are in good faith.

All the reports Rom is making are extremely common given the circumstances, it's just what happens if you open a web server on the internet, and using ports on common numbers makes it just much worse/frequent.
It's just like diving into the open sea and getting wet: it can be unpleasant especially if you weren't ready for that, but it's not really harmful per-se, nonetheless there are real threats out there and you should keep all precautions.
It's like emails and spam/phishing, a never-ending fight where software can't easily tell goods from bads.
As a side comment, it's basically why HFS 3 is by default having different logs for errors, to not be overwhelmed in the main log with the huge number of bad requests you normally get. But I hope to be able to do more than that. I hope we'll have a way to filter out most "spam", maybe a plugin, maybe someone else will help and take care of that.

I've read Rom's message, I think he is not a bad person and he acted in good faith.
And yet, some of his comments are not welcome here, so I'll remove few lines.
I don't enjoy doing that and I don't want to force him to think differently, but I don't want to give space to such generalizations and personal attacks.
To be honest, I hate to be the judge here, I'm probably not good at that and I'd rather focus on programming, but I don't feel ok with doing nothing either.

I don't know NaitLee personally, but after the years I've made my opinion of the soul, based on posts and acts, and it's of the kind type.
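
Added example (not part of any post in this thread, and not NaitLee's script): a small triage pass over access-log lines in the format quoted above, sorting each request into the kinds of traffic discussed here and counting them per client. The sample lines, the documentation-range addresses, the `/admin/config.php` path and the `site_prefixes` default are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted in this thread (Python
# http.server style). Addresses are documentation ranges, not real hosts.
SAMPLE_LOG = r'''
203.0.113.10 - - [25/Apr/2022 12:02:33] "GET /actuator/health HTTP/1.1" 404 -
203.0.113.11 - - [29/Apr/2022 14:33:41] code 400, message Bad request version ('À(À$À\x14À')
203.0.113.12 - - [29/Apr/2022 15:01:07] "CONNECT google.com:443 HTTP/1.1" 501 -
203.0.113.12 - - [29/Apr/2022 15:01:09] "GET http://example.com/ HTTP/1.1" 404 -
198.51.100.7 - - [29/Apr/2022 15:10:00] "GET /stuff/thing.html HTTP/1.1" 200 -
203.0.113.10 - - [29/Apr/2022 15:12:44] "GET /admin/config.php HTTP/1.1" 404 -
'''.strip().splitlines()

LINE_RE = re.compile(r'^(?P<ip>\S+) - - \[(?P<ts>[^\]]+)\] (?P<rest>.*)$')
REQ_RE = re.compile(
    r'^"(?P<method>[A-Z]+) (?P<target>\S+) (?P<ver>HTTP/\d\.\d)" (?P<status>\d{3}) '
)
ERR_RE = re.compile(r'^code (?P<status>\d{3}), message (?P<msg>.*)$')


def classify(line, site_prefixes=("/stuff/",)):
    """Return (client_ip, label) for one access-log line.

    site_prefixes is an assumption: the paths this server really publishes.
    """
    m = LINE_RE.match(line)
    if not m:
        return None, "unparsed"
    ip, rest = m["ip"], m["rest"]

    err = ERR_RE.match(rest)
    if err:
        # Binary data where an HTTP version was expected; usually a TLS
        # handshake sent to a plain-HTTP port.
        if err["msg"].startswith("Bad request version"):
            return ip, "non-http-bytes"
        return ip, "malformed"

    req = REQ_RE.match(rest)
    if not req:
        return ip, "malformed"

    method, target = req["method"], req["target"]
    # CONNECT or an absolute URL asks the server to act as a proxy.
    if method == "CONNECT" or "://" in target:
        return ip, "proxy-probe"

    path = target.split("?", 1)[0]
    if path == "/" or path.startswith(site_prefixes):
        return ip, "site"
    # A path the site never published: a scanner guessing at other software.
    return ip, "unknown-path"


def summarize(lines, site_prefixes=("/stuff/",)):
    """Count labels per client IP."""
    per_ip = {}
    for line in lines:
        ip, label = classify(line, site_prefixes)
        if ip is not None:
            per_ip.setdefault(ip, Counter())[label] += 1
    return per_ip


def noisy_clients(per_ip, threshold=2):
    """Clients with at least `threshold` requests that were not for the site."""
    return sorted(
        ip for ip, counts in per_ip.items()
        if sum(n for label, n in counts.items() if label != "site") >= threshold
    )


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip, counts in sorted(report.items()):
        print(ip, dict(counts))
    print("candidates for a block list:", noisy_clients(report))
```
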
Title: Re: Routing system, or several roots for several websites ?
Post by: rejetto on April 30, 2022, 09:49:50 AM
Regarding the statements about python, javascript, etc, my 2 cents are: I'm not expert in the security field, yet my profession requires me to know more than the average person. I consider true the statement that some languages/technologies pay their flexibility with some extra risks. And yet, these risks heavily depend on what the programmer does. There are organizations "risking" millions of dollars on stuff built with such technologies. Everybody decides his own level of paranoia, but remember there's a price to pay for paranoia too.
Attacks and remote executions have always existed with and without newer technologies.
Also, remember that python, node, etc, are open source and watched closely by the whole world. You decide.

I've asked a friend who's in IT security to give me a hand ensuring HFS 3 is good enough. It's not an easy task, and it's even harder doing it in my time off, after I'm tired because of my job. But, hey, it's open source, everyone who can contribute to make it more secure is welcome to give a hand.
Title: Re: Routing system, or several roots for several websites ?
Post by: rejetto on April 30, 2022, 10:12:07 AM
Quote
Moreover, I'm not sure that your plugin allows to use several "hosts", you only give a single example.

I was in a hurry and didn't communicate it in the best of ways, but that's what the "+" button in the picture is for, to add more.

Quote
- A way to whitelist URLs incoming in HFS. If a distant user tries to reach a URL that isn't corresponding to any URLs parent node, thus he'll be blocked.

I'm not totally sure what you meant by that, but it's giving me a huge hint on how to tell unwanted traffic. Surely a lot of people have come to this eons ago, but me? just now.
I've been paying little attention to the "domain" thing at this stage of the project, for good reasons, but most of the unwanted traffic will come to you just with your IP, randomly.
Rejecting all traffic not using the domain is a piece of cake. I could easily make a feature for that. I'm not sure if as a plugin. I'm trying to make plugins to both show people what they can do, and also to let people customize them to better suit their needs, possibly by making a new plugin out of them.

Problem is: a lot of people don't have a domain, and I'm not sure I want to force them, limiting possible usages of the server. Also because it would rely on external services, I'm trying to not bind the project to external services.
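
Added example (not rejetto's plugin and not NaitLee's middle.py): one way to express the Host-to-folder mapping from this thread together with the rule of refusing requests that do not name a configured domain. The function names and the refusal rules are assumptions; the host names and prefixes are the ones used earlier in the thread.

```python
from urllib.parse import urlsplit, unquote


def parse_vhosts(pairs):
    """Parse 'host,/prefix' items (the -v format used in this thread)."""
    vhosts = {}
    for item in pairs:
        host, prefix = item.split(",", 1)   # ValueError if the comma is missing
        host = host.strip().lower().rstrip(".")
        prefix = prefix.strip().rstrip("/")
        # The prefix must be an absolute path in the HFS virtual file system.
        # A bare "/" is refused too: it would publish the whole tree.
        if not host or not prefix.startswith("/") or ".." in prefix.split("/"):
            raise ValueError(f"bad vhost entry: {item!r}")
        vhosts[host] = prefix
    return vhosts


def route(host_header, target, vhosts):
    """Return the path to request from HFS, or None if the request is refused."""
    if not host_header:
        return None
    host = host_header.strip().lower()
    if host.startswith("["):                  # IPv6 literal, never a configured name
        return None
    host = host.split(":", 1)[0].rstrip(".")  # drop an optional :port
    prefix = vhosts.get(host)
    if prefix is None:                        # bare IP address or unknown name
        return None

    parts = urlsplit(target)
    if parts.scheme or parts.netloc:          # absolute-form target (proxy probe)
        return None
    if not parts.path.startswith("/"):
        return None

    # Check the percent-decoded path so "%2e%2e" cannot climb out of the prefix.
    decoded = unquote(parts.path)
    if "\\" in decoded or "\x00" in decoded or ".." in decoded.split("/"):
        return None

    upstream = prefix + parts.path            # forward the path as it was sent
    if parts.query:
        upstream += "?" + parts.query
    return upstream


if __name__ == "__main__":
    table = parse_vhosts([
        "project1.duckdns.org,/public_websites/project1",
        "project2.duckdns.org,/public_websites/project2",
    ])
    # Constructed requests: (Host header, request target)
    for host, target in [
        ("project1.duckdns.org", "/stuff/thing.html"),
        ("203.0.113.5", "/"),
        ("project1.duckdns.org", "/%2e%2e/project2/"),
    ]:
        print(host, target, "->", route(host, target, table))
```

The traversal check decodes the path once; it assumes the server behind it does not decode a second time.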
Title: Re: Routing system, or several roots for several websites ?
Post by: Rom_1983 on April 30, 2022, 11:57:01 AM
Quote
but I'll take some precautions to lessen unnecessary sufferings.

By reacting like that, you're doing the exact opposite. Just IMAGINE that the botnet would have passed my antivirus protection, and my PC was infected to a point I could not talk here anymore. Just imagine the big "THANK YOU" echoing in my head, and how I would feel about your moral. Attacks are real, and botnets are a real shit. You don't protect people by avoiding them to show the facts.

Politeness should never overpass common sense. I see that positive racism still reshape the politically correct everyday, even with all the precautions (I specifically said "don't take this as racism" and "this is not a definitive accusation"). I find dangerous to not be authorized to say that a [put a nation here] botnet attacked me (and no, that's not "normal") neither that a [put the same nation here] user, acting like a pro, try to underestimate the constant threat of the attacks, or that the origin of both the user and the bot converge and is a sign. Especially if the attacks are made on one of my DYNDNS addresses and not the basic :80 port, suggesting that this is not a hasardous coincidence.

Moreover, I find very worrying to see an admin keeping the same speech than the aforementioned user, maybe based on a "de-escalation" psychological effect, and saying me that those error messages are "normal" and "benign". Sorry, but constant injections are dangerous, Python in HTTP-serving context is dangerous, windows error SOUNDS are not a good sign, and antivirus triggered and now alerting from a botnet activity on my computer is definitively a new step indicating that all the previous ones has paid off.

Don't consider that just because a forum user "has a nice avatar", "acts nicely", and "have a lot of message", that would never be a foreign hacker hooked on a technology and having a main interest to wait and see victims coming in his "generous" hands. Scams, since the beginning of humanity, always proceed on the basis of empathy. And if you add geopolitical knowledge to that (a country that I won't name, given that violence has such power that we are muted by hypocrisy), well you have an idea of what CAN be (not what IS forcefully). If we can't talk and share our clues anymore, that's more than ever dangerous. Paranoia has nothing to do with it (botnet + antivirus triggered).

If error messages + sounds + antivirus reaction + general escalation of alerts was normal, I think simply launching  servers like CADDY or HFS would lead to such common patterns. However, I never experienced such things before. Finally, I consider that if the author of a script doesn't react normally and doesn't keep adding security (I asked him to add URL filters, as I suggested you to implement it in HFS v3), I find this very suspicious.

About HFS v3 and VHOST

The vHost works like a charm. It's set on port 80 by default, so it's perfect for my use because I don't want additional port used in URLs.

Suggestions

- We cannot move entries (up, down) with the mouse. It would have been cool, to sort things. For now if we're not satisfied after a few moment of what we have done, we have to delete the entries and recreate them.

- There's not EXE staying in the systray, like the V2. Now we launch a CLI, and that populates our taskbar, and I don't want that. I'm sure there's a workaround with softwares allowing to minimize any window in the systray, but the ideal would be to have a native solution.

- Popups hovering when we finished an action don't disappear by themselves. We have to click in the void around, and that may disturb people not used to.

- Network drives aren't detected if we don't launch HFS v3 in admin mode. That's normal with most of softwares, and know this since a long time ^^,  but I suggest to put a line in the UI to inform users.

_______________

Now I want to say congratulations for this new version of HFS. The UI is amazing, there's many options. That's a damn good HTTP solution. The upgrade since v2 is stunning. Keep the good work !
Title: Re: Routing system, or several roots for several websites ?
Post by: rejetto on April 30, 2022, 12:47:33 PM
i quickly considered the evidence you brought, and i determined that it was not enough for the statements you made against NaitLee. You may disagree, and I may be wrong, but that's the best i can do for the moment.
I'm not asking you to trust the guy. Don't, if you feel like it. I don't say he cannot be evil, I said you went a bit too far with words for this place.

I didn't say "benign" to any attack. I can't say if you had any damage or if you had any real threat on you.
I know most web attacks are automatic (= cheap), hoping to find something very specific behind the "door", but without really knowing, and thus most of them are ineffective.

I don't want to prevent your "free speech" in general, just here. In a way I'm responsible for this forum, but I don't have time and will to investigate this further, and I have to make a few decisions anyway.  I'm not here to lecture people how to live.
 
Answering the rest in a following post.
Title: Re: Routing system, or several roots for several websites ?
Post by: rejetto on April 30, 2022, 01:11:09 PM
Quote
- We cannot move entries (up, down) with the mouse. It would have been cool, to sort things. For now if we're not satisfied after a few moment of what we have done, we have to delete the entries and recreate them.

i will likely add the up/down at some point because that "editor" is meant to be generic, and other plugins may be sensible to the order of data.
Anyway, this is not true for vhosting plugin, the way it is right now at least. So you should be ok without the order, but if you really really want to change the order you can still open config.yaml file with notepad and you may find it's easy to make it.

Quote
- There's not EXE staying in the systray, like the V2. Now we launch a CLI, and that populates our taskbar, and I don't want that. I'm sure there's a workaround with softwares allowing to minimize any window in the systray, but the ideal would be to have a native solution.

i hope at some point we'll have hfs install as a service, and be controlled with a tray application like you say.
It's not high priority for me, and it would be cool if someone else would work on it, as the tray icon would probably be a separate program.
I added it to the to-do list.

Quote
- Popups hovering when we finished an action don't disappear by themselves. We have to click in the void around, and that may disturb people not used to.

in some cases this is good, because i need to know the user acknowledges the content of the popup.
I'm sure some cases would be better with the behaviour you just suggested. Feel free to point at some of them you care about, and I'll consider which ones to transform.

Quote
- Network drives aren't detected if we don't launch HFS v3 in admin mode. That's normal with most of softwares, and know this since a long time ^^,  but I suggest to put a line in the UI to inform users.

thanks for the suggestion, but I'm not able to confirm it yet: i have a couple of networked drive here and HFS sees'em even if I don't get the "User Access Control" warning of windows when i launch it. When you say "admin mode" are you referring to the UAC ?


Quote
Now I want to say congratulations for this new version of HFS. The UI is amazing, there's many options. That's a damn good HTTP solution. The upgrade since v2 is stunning. Keep the good work !

thanks, it was not an easy decision because making it will take about 1 year of my time just for the first version. It's not easy to start a project this big. That's why I delayed it for 8 years.
Title: Re: Routing system, or several roots for several websites ?
Post by: LeoNeeson on May 01, 2022, 05:56:05 AM
I don't like to sound like a 'bootlicker' of Rejetto, but I congratulate him, for his decision to keep the peace in this forum (not only this time, but over many years), and this time, for setting-aside (removing) discriminatory comments. This is what sets this forum apart of the rest: tolerance and respect for others.

» About my personal life (you don't need to read this, if you don't care): I'm Argentine, and for many years in many English-speaking forums I was discriminated for the simple fact of being Argentine (and for living in a country of the so-called 'third world'). That, added other bad experiences, like having suffered bullying (https://en.wikipedia.org/wiki/Bullying) at school when I was a kid, and then having several unrequited love (https://en.wikipedia.org/wiki/Unrequited_love) for some women, led me to have (throughout all my life) a marked personality with a notorious inferiority complex (https://en.wikipedia.org/wiki/Inferiority_complex) and low self-esteem (https://en.wikipedia.org/wiki/Self-esteem#Low), from which I'm always trying to recover (and believe it or not, I'm not fat, neither bad looking). That's why I know firsthand how ugly it feels to be discriminated, for whatever reason. I always wanted to tell you this, but I never found the opportunity (sorry for being offtopic).

Back to this thread, I'm not defending anyone, but just saying that discrimination harms people (it hurts), and should always be avoided at all costs (and the best is to keep a conversation as technical as possible, when for example someone reports that some code or script is not working as expected or has some unwanted effect).

Have a nice Sunday people, enjoy the weekend. :)
Leo.-
Title: Re: Routing system, or several roots for several websites ?
Post by: Rom_1983 on May 01, 2022, 12:00:15 PM
Let's move on to HFS ;)

I have a major problem : it's been a few times that when relaunching HFS v3, it ends being amnesic and all my settings are gone (folders shared, etc).

I spent a few hours yesterday setting it, and I'm desperate. Can you help me ? I won't retry anything before a solution.

One thing that bothers me and may be related to that amnesia : to close HFS, there's no "close" button or feature. So I close the CLI (I even try CTRL+C sometimes in it, to cleanly close the program). Is it the way to close it ? How does it save things ? I always push the "SAVE" button in the admin panels.

Quote
i need to know the user acknowledges the content of the popup
Solution : add a button with "OK" text.

Quote
When you say "admin mode" are you referring to the UAC ?
No : I refer to right-click -> launch as administrator (or make a shortcut, go in its properties, advanced, and check the box "always launch as admin").
Without that, it doesn't detect my network drives.
Btw I have disabled UAC completely (this is a nightmare and I'm not the only one to think it).
Title: Re: Routing system, or several roots for several websites ?
Post by: Rom_1983 on May 01, 2022, 12:10:33 PM
Oh, whoops, that's really really weird : I've relaunched HFS with the same shortcut, and now it remembers things (in the meantime, I've gone in the folder of HFS to check any config file and I found the "config.yaml" and saw my settings in it). I'm gonna reboot to see if it's related to the short period of time after a reboot where all the environment isn't fully loaded. I'll edit this post to give the answer.

Edit : yeah, it seems that placing a shortcut of HFS in my "Startup" folder leads to HFS running erratically and not launching properly. After two reboots, it launched access.log and error.log but HFS.exe is not found in the processes list (last time when I posted my previous message, it had launched but with amnesia). If I launch it manually with the aforementioned shortcut, it launches correctly.

Similar problems :
https://stackoverflow.com/questions/52561921/batch-file-not-working-correctly-at-startup
https://www.tenforums.com/tutorials/57690-create-elevated-shortcut-without-uac-prompt-windows-10-a.html

Edit : this is an issue related to Windows operating system. Feel free to ignore it  ;)
Title: Re: Routing system, or several roots for several websites ?
Post by: rejetto on May 01, 2022, 01:46:17 PM
Quote
One thing that bothers me and may be related to that amnesia : to close HFS, there's no "close" button or feature. So I close the CLI (I even try CTRL+C sometimes in it, to cleanly close the program). Is it the way to close it ?

this isn't a part where i put much attention yet, but apparently the good way of closing it is CTRL+C. This isn't ideal of course, on Windows at least.
I say rare because most stuff is done within 1-2 seconds, so that's for sure not the cause of your problems.
Next version will detect also closing of the window, to ensure final procedures are done

Quote
How does it save things ? I always push the "SAVE" button in the admin panels.

and that's enough

Quote
Solution : add a button with "OK" text.

will do, but i already opted for "auto-dismissing" notification on a couple of cases. In next version.

Quote
No : I refer to right-click -> launch as administrator (or make a shortcut, go in its properties, advanced, and check the box "always launch as admin").

i guess it's basically the same thing, presented differently.
I don't run it that way, and still I get the net-drives.
Some programs, when not run "as admin", will present a dialog for admin permissions, you surely know, and that's basically UAC.
I also get no UAC dialog.

Quote
Btw I have disabled UAC completely (this is a nightmare and I'm not the only one to think it).

i'm no expert with this kind of stuff in Windows, but since win10 i didn't have to disable anything, and the annoying UAC interactions introduced with Vista (i think) are simply not there.
Since my account is part of "administrators" I'm not sure what triggers the UAC dialog for some softwares, if it's just bumping into a privileged instruction or an explicit declaration of the exe file at its start. Fact is, some programs present this dialog "later", but I cannot exclude it's because they are launching another program, behind the scenes.

I'm happy to see you managed to solve your problem.
Anyway, I think it has something to do with the "working directory". When you create a shortcut you have a "start in" field, that's basically it. HFS will save files there. You can confirm where it is working when the CLI opens, there's a line starting with "cwd".
Title: Re: Routing system, or several roots for several websites ?
Post by: Rom_1983 on May 01, 2022, 02:30:12 PM
👍 Thumbs up for such a patient and devoted programmer ! The vHost plugin is an awesome feature.
Title: Re: Routing system, or several roots for several websites ?
Post by: vladimirov70 on May 01, 2022, 03:05:16 PM
Right, one can make several domain names point to the same address but just differ the port.

The drawbacks are a) need to share the port along with address, b) maybe extra work to manage HFS instances & all VFS files

btw HFS url config make no use at how the server works -- it is used only for URL building :)
Right. And also the provider's restrictions matter. My provider has a limited number of open user ports.