rejetto forum


Messages - danny

1
HFS ~ HTTP File Server / December security update - Merry Christmas!
« on: December 23, 2025, 07:19:50 PM »
I've just completed another round of security inspection and didn't find anything big. 
However, the update does spend less cpu time on bots, so it can serve more people.

You can get the update at http://software.run.place, including several templates.

There is also a mini  version available here.
It can run bigger templates just fine.

2
HFS ~ HTTP File Server / Re: HFS v2.x security update By DANNY
« on: December 14, 2025, 07:32:19 PM »
I agree that a multi-group discussion area is more sustainable, because more topics get more proportion of actual people traffic.  I guess there's about 2000 HFS2X servers.  There are daily downloads of updated HFS2X, by real people, but not in large numbers.  So far as I know, HFS2X is the only Windows server using its own code as the distribution server, without a CDN buffer.  The uses for HFS2X are niche:  The main specialty is to catalog a lot of files any way you want to.  The streaming-list beats the performance of list-before-draw and pagination schemes.  The HFS2X update is router-cooperative so it doesn't need speed-limit, yet it will find and list your files really fast.

Anti-bot setup with HFS2x:   Currently, the zip with updated HFS2x includes a txt note with anti-bot filter examples you can use in Events (menu).  Also, templates are updated to decrease verbosity for fast recovery and less cpu time.  For files, a recommendable organization is Unbrowsable root folder (left panel, right click /, flags, uncheck browsable), for the purpose of access forwarded (to browsable subfolder) by DNS.  Currently, I have 5 websites (1 hfs server, 1 dynamic dns, and 5 forwarding addresses that help by specifying folder and port number); and the method is helpful if your ISP blocks port 80 (forwarder answers on 80 and sends to the real folder and port).  The template used by http://software.run.place is actually an edited stripes.tpl using the 'diff template' function to show just for that folder/site.  Also works is making a copy of either throwback.tpl or stripes.tpl named as hfs.diff.tpl putting it into a high volume (or public) folder for which the fast little template is helpful at saving cpu work and data.

Except for a banip compatible router (or similar) with curated filter lists installed, there really isn't a 'one fell swoop' approach to dropping bot traffic.  Behavior filters, such as use real browser, ban hacky request, forward to a different port, unbrowsable root, can do a cumulative 12% apiece, approximately.  Not one thing will have a big effect, but the combination does.

3
HFS ~ HTTP File Server / Re: HFS v2.x security update By DANNY
« on: December 13, 2025, 05:52:06 AM »
There have been a couple of thousand downloads.  So, I'm curious why there are so few new posts on the forum.  Did that go out of style? 

4
HFS ~ HTTP File Server / HFS2.3M oldstyle "purist" edition
« on: November 25, 2025, 01:47:12 PM »
For the improvement averse:  Minimal change.

HFS-23-m-oldstyle.zip is available at http://software.run.place

Built fresh from HFS2.3M original source, adding Leo's macro security patch, and the exec macro is disabled.  Featuring the original defaults, the original default template, etc.... Not recommended for those new to HFS.  But, HFS2.3m-oldstyle can help the "Don't Change" crowd to experience that in a real way.

For somewhat more comfort (optional) there is 'HFS 23 style template V2' included in the zip file.  It is not preinstalled, but you could load it manually if you want to bypass some annoyances and run much faster (optional). 

Edit:  Also compatible with a pre-2025 hfs.ini file; if you happened to have an old backup handy from original M or K (remember to exit before copying the ini file to the same folder as hfs.exe).  That would cause it to simply go back to work as expected. 

5
HFS ~ HTTP File Server / Re: HFS v2.x security update By DANNY
« on: November 16, 2025, 05:18:13 PM »
Enjoy summer break!  Perfect timing.  I need to hunt for a better job this season.  HFS is doing fine because there's nothing to fix other than keeping ahead of new browser changes. 

The development/lite version finally showed the progress it was made for--At version 2XF, features can be added to it and it will still run stable.  Thanks for the advice on WinMerge, to analyze differences.  Very helpful!   

Edit:  In December, there are some template updates for dealing with internet noise/bots more efficiently.  https://cybernews.com/security/scam-bots-hitting-website-can-lead-to-financial-loss/  There is also a little txt file included with some bot filter examples for hfs events (menu).   The events filters have been working well for the download server.

6
HFS ~ HTTP File Server / Re: update
« on: November 15, 2025, 01:14:28 PM »
I like the idea in Leo's patch because it is data validation.  For sure development with HFS2x will need to add data validation and input validation, mainly because the internet is so different today than it was in the early 2000's when most of the features were introduced.  The fact that browsers are also different, just pales in comparison to the change of connecting a server to a very different internet.  So, when the foundation is not level, adding some validation really helps.  I've been adding a little input validation and update for mobile browsers.

So far, I think there wasn't a speed increase; but for sure, more stability/durability has made a capacity increase. 

7
HFS ~ HTTP File Server / update
« on: November 04, 2025, 03:25:41 PM »
Nice results from the October/November 2025 updates: 

Recently, my server withstood a 2-day DDoS attack.  And the good news:  Leo wrote a stability patch which kept HFS on track during edge-conditions where it could go to 0 bandwidth.  But, there was No problem.  Thank you Leo!!

Also I had made an edit so that HFS did not exit from attempting to update the screen two different ways at the same time.  Leo's patch and my little edit, work together to help the server stay on track during high load. 


P.S.  Bonus method to reduce bot annoyance:  You can require your access url (such as your dynamic dns).  It goes in an HFS events entry (control+F6).  Don't specify a port if it is 80.  Here is a whitelist example by naitlee.  I like it!
Code:
[+request]
{.if|{.and|
{.!=|{.header|Host.}|localhost:8080.}|
{.!=|{.header|Host.}|127.0.0.1:8080.}|
{.!=|{.header|Host.}|mydomain.com.}|
{.!=|{.header|Host.}|mydomain.com:8080.}
.}|{:{.disconnect.}:}.}
Similar to Apache's htaccess file, you can find many features by searching for hfs events on the forum.
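
Added example (not part of the post and not HFS code): a Python model of the Host allowlist above, useful for checking which Host values such a list accepts before putting it into an events entry. The normalization step (lower-casing, dropping `:80` and a trailing dot) is an assumption of this sketch, not documented HFS behaviour, and the sample Host values are constructed.

```python
# Allowlist copied from the events entry above.
ALLOWED_HOSTS = {
    "localhost:8080", "127.0.0.1:8080",
    "mydomain.com", "mydomain.com:8080",
}

def normalize_host(raw, default_port=80):
    """Lower-case the Host value, drop a trailing dot, and omit the default port."""
    if raw is None:
        return None
    host = raw.strip().lower()
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():
        name = name.rstrip(".")
        return name if int(port) == default_port else f"{name}:{port}"
    return host.rstrip(".") or None

def decide_exact(raw_host):
    """Literal string comparison, the way the rule above is written."""
    return "serve" if raw_host in ALLOWED_HOSTS else "disconnect"

def decide(raw_host):
    """Same allowlist, compared after normalization (assumption of this sketch)."""
    return "serve" if normalize_host(raw_host) in ALLOWED_HOSTS else "disconnect"

# Constructed Host header values: legitimate variants and typical bot traffic.
SAMPLES = [
    "mydomain.com",               # normal visitor on port 80
    "MyDomain.com:80",            # same site, different spelling of the header
    "mydomain.com.:8080",         # fully qualified name with trailing dot
    "203.0.113.7:8080",           # scanner hitting the bare IP address
    "mydomain.com.evil.example",  # look-alike suffix must not match
    "",                           # empty Host header
    None,                         # request without a Host header
]

def check_samples():
    """Return (host, exact decision, normalized decision) for each sample."""
    return [(h, decide_exact(h), decide(h)) for h in SAMPLES]

if __name__ == "__main__":
    for host, exact, normalized in check_samples():
        print(f"{host!r:32} exact={exact:10} normalized={normalized}")
```

Requests addressed to the bare IP address, or sent with no Host header, are dropped by both variants; the two differ only on alternative spellings of an allowed name.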

8
HFS ~ HTTP File Server / HFS v2.4, and security update By DANNY
« on: August 09, 2025, 02:58:45 AM »
Thanks Leo!   A lot of your suggestions were incorporated into these new versions.  I really would have been lost without your help with it. 
I do like the idea of supporting the many installs of HFS2x, by providing an option for stable and secure.

And now we have the HFS2.4 template, able to run on our stable and secure version of HFS 2.3
Contributors:  Rejetto, DJ, Rapid, NaitLee, Mars, LeoNeeson, SilentPliz, Danny, Bmartino

Large Folder Capable!  No Slow Paging!   It streams the file list no matter how many files. 
It has HFS native upload pages, browser native icons and native javascript, all for going fast and stable.

Consider this an HFS2.3 > 2.4 adapter, because most of the work in 2.4 was the template itself.
*the template is in the zip files with security-patched HFS from http://software.run.place

9
New versions of Throwback are included in the .zip file with the security-patched editions of HFS.
https://rejetto.com/forum/index.php?topic=13703.0

Or, here is a copy of updated HFS lite with Throwback-basic template (see also post1)
This one is designed for busy servers, to minimize the number of connections used.
The attachment can be uncompressed by peazip or zpaq.

10
The suggestion that I got, was (paraphrase):  Disable the .exec macro, to help folks sleep better at night. 

Although a collection of new filters still prevent macro run from remote... yet it is even more comfortable to know exactly what the .exec macro will do.
So, for "p5" (security patch level 5), the .exec macro function has been changed to make a log entry on-screen, and .exec does nothing else at all.

HFS2.3K_299p5 and HFS2.3N_301p5 are available at http://software.run.place

P.S. 
The "K" has tighter timings ideal with the faster templates like throwback and stripes, or
The "N" has the language feature and longer timings to tolerate feature-filled templates.
These new 2025 editions are built from a cleaned-up and stable version of HFS.
Edit:  Now we might want to try for a community edition.
 

11
HFS ~ HTTP File Server / Re: HFS v2.x By DANNY
« on: July 24, 2025, 12:22:18 AM »
HFS2.3N is released
And the server you'd download from is running the same version of HFS2.3N


It has:
Added security filter from Leo (result is auto ban) for hfs-specific
Added security filters from me (result inactivated) for unspecified
Added Leo's skip the loop filter for graph workload (no load if feature unused)
Added Leo's skip the loop filter for limiter workload (reduced load if feature unused)
Shielded archive links (logged-in users may archive, bots cannot)
Removed version "M" bugged headers mod (to avoid disrupting the data flow)
Removed operationally reliant hardcoded external reference (was outdated)


12
HFS ~ HTTP File Server / Re: HFS v2.x By DANNY
« on: July 11, 2025, 10:06:03 PM »
Speedup: 
locate hfs23-K-patched3.zip and you can test it out. 
http://software.run.place
It is running that same copy of HFS2.3K, with the macros on.

Thanks to Leo for help in bypassing the always-on limiters, and this prevents freezes.  Also, I raised the console TTL so the UI stays responsive. 

 Edit:  For round 3:  Thanks to Leo for updated code that blocks hfs-specific attack, in the .exe, without reliance on any particular template.  So, you can use any template that you want to.
 
Included in the zip file is now the legacy default template for HFS2.3M, and I have altered it slightly, so it can run well on the security-patched edition of HFS2.3K.  There is the unicode font added to the stylesheet, some necessary size adjustment, and it does not overwork the system icon code.

13
HFS ~ HTTP File Server / Re: HFS v2.x By DANNY
« on: July 09, 2025, 12:30:32 AM »
For patched version of HFS2.3K, I've added many layers of defense. . . and *Might have solved/reduced the gigabit freeze problem. 
http://software.run.place
locate hfs23-K-patched.zip and you can test it out. 
The site to download it, is running that same copy of HFS2.3K, with the macros on. 

14
There is a vulnerability in HFS 2.3 and 2.4 that has been fixed.
New versions of Stripes are included in the .zip file with the security-patched editions of HFS.

Or, here is a copy of updated HFS lite with Stripes template.
The attachment can be uncompressed by peazip or zpaq.

15
HFS ~ HTTP File Server / HFS v2.x security update By DANNY
« on: July 02, 2025, 04:30:29 PM »
Hi Leo!  Thanks for the reply.  Thanks for the compiling guide! 

Patched edition available at http://software.run.place

