16
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
17
HFS ~ HTTP File Server / Re: Request login/password but accept any
« on: December 17, 2021, 05:00:45 PM »
From memory I don't think that's possible, unless you create a form yourself to manage the identification, under the conditions you want, you just need to redirect to the resource (possibly hidden) including the login and password assigned to him
18
Bug reports / Re: Possible vulnerability
« on: December 11, 2021, 09:46:00 PM »
if you are using one of the latest versions the remote use of macros by a user using a url is automatically detected and made harmless.
https://rejetto.com/forum/index.php?topic=11758.msg1061386#msg1061386
the other vulnerability exploit that was resolved quickly was the null byte injection
https://rejetto.com/forum/index.php?topic=11619.msg1064421#msg1064421
I can no longer remember where and in what way these two types of attack are detected in the sources of hfs but it is certain that if your version is up to date there is no more risk when a remote user performs such attempts
https://rejetto.com/forum/index.php?topic=11758.msg1061386#msg1061386
the other vulnerability exploit that was resolved quickly was the null byte injection
https://rejetto.com/forum/index.php?topic=11619.msg1064421#msg1064421
I can no longer remember where and in what way these two types of attack are detected in the sources of hfs but it is certain that if your version is up to date there is no more risk when a remote user performs such attempts
19
router & port problems / Re: Can't connect from a Mobile device to the laptop with running HFS
« on: October 26, 2021, 03:03:56 PM »
it may depend on several factors:
1) make sure that the mobile phone is well connected in wifi on the local network and not on the 3G-4G-5G network, otherwise it is necessary to set up an external routing
2) with HFS in standard mode, the phone browser must be able to display the home page, if necessary try another browser
3) in all circumstances, in the event of problems, use the IP address of the computer on the local network as the connection url and not the DNS name used for external connections
1) make sure that the mobile phone is well connected in wifi on the local network and not on the 3G-4G-5G network, otherwise it is necessary to set up an external routing
2) with HFS in standard mode, the phone browser must be able to display the home page, if necessary try another browser
3) in all circumstances, in the event of problems, use the IP address of the computer on the local network as the connection url and not the DNS name used for external connections
20
HTML & templates / Re: About "hits"
« on: October 17, 2021, 12:56:00 AM »
attach your hfs.tpl in a new post
21
Bug reports / Re: False errors on upload
« on: September 17, 2021, 11:15:34 PM »
Appears for one of the following reasons:
when sending each file with the method that was used for it
- the logged in user does not have write rights to upload file in the folder
- the user and the password used do not correspond to a registered account values
when sending each file with the method that was used for it
- the logged in user does not have write rights to upload file in the folder
- the user and the password used do not correspond to a registered account values
22
Everything else / Re: I can't change the website to English.
« on: August 03, 2021, 11:22:27 PM »
just indicate the country in the paypal url before /home as in the examples below
https://www.paypal.com/uk/home
https://www.paypal.com/it/home
https://www.paypal.com/de/home
https://www.paypal.com/es/home
https://www.paypal.com/uk/home
https://www.paypal.com/it/home
https://www.paypal.com/de/home
https://www.paypal.com/es/home
23
HFS ~ HTTP File Server / Re: "username not found"
« on: May 11, 2021, 02:40:22 PM »
"user/password for each folder" is an old protection technique implemented during the first versions of HFS, it is preferable to use as much as possible the use of accounts
24
HFS ~ HTTP File Server / Re: Any way to limit viewing a folder/file from one specific IP?
« on: April 28, 2021, 07:01:21 PM »
if only one particular ip should be able to access the folder, add something similar in the diff template of the folder properties
either by using a forced disconnection
or even better by using a redirect which gives the user the impression of an invalid link
replace 127.0.0.1 by the allowed ip
a more concrete example is to only give access to a specific user without going through permissions
note the difference in use between {.!=| and {.=| , difference or equal usage
either by using a forced disconnection
Code: [Select]
[+]
{.if|{.=|%ip%|127.0.0.1.}|{:{.disconnect.}:}.}
or even better by using a redirect which gives the user the impression of an invalid link
Code: [Select]
[+]
{.if|{.=|%ip%|127.0.0.1.}|{:{.redirect|../ .}:}.}
replace 127.0.0.1 by the allowed ip
a more concrete example is to only give access to a specific user without going through permissions
Code: [Select]
[+]
{.if|{.!=|%user%|Tsuna.}|{:{.redirect|../ .}:}.}
note the difference in use between {.!=| and {.=| , difference or equal usage
25
Programmers corner / Re: Template/events for QOS or traffic shaping.
« on: April 28, 2021, 05:43:39 PM »
Are there some per ip-specific measurements?
no
How to make global variable apply to only 1 ip?
a variable is defined by its name which can include letters or numbers and preceded by # to become a global variable
just include %ip% in the name
{.set|#flag_%ip%| .... .}
global variables only exist while hfs is running
no
How to make global variable apply to only 1 ip?
a variable is defined by its name which can include letters or numbers and preceded by # to become a global variable
just include %ip% in the name
{.set|#flag_%ip%| .... .}
global variables only exist while hfs is running
26
Programmers corner / Re: Template/events for QOS or traffic shaping.
« on: April 13, 2021, 11:41:19 AM »
you must analyze the url which is sent by the path variable and check its validity by eliminating the non-existent parts or use a fallback url like the use with newurl in the following
[not found]
{set|newurl|/.}
{.add header|Cache-Control: no-cache, max-age=0.}
{.redirect|/~404?path={.if|{.exists|%url%.}|{:{.encodeuri|{.filepath|%url%.}.}:}|{:{.^newurl.}:}.}.}
the problem is that in section 404, the url is not that of the containing directory but that of the requested file "return to previous page" does not correspond to% url% as for [max contemp downloads]
use macro {. add to log | ..what you need to see.. .} in various places to control the transmitted data and more easily determine why you are having inconsistencies in the operation of your scripts
[not found]
{set|newurl|/.}
{.add header|Cache-Control: no-cache, max-age=0.}
{.redirect|/~404?path={.if|{.exists|%url%.}|{:{.encodeuri|{.filepath|%url%.}.}:}|{:{.^newurl.}:}.}.}
the problem is that in section 404, the url is not that of the containing directory but that of the requested file "return to previous page" does not correspond to% url% as for [max contemp downloads]
use macro {. add to log | ..what you need to see.. .} in various places to control the transmitted data and more easily determine why you are having inconsistencies in the operation of your scripts
27
Programmers corner / Re: Template/events for QOS or traffic shaping.
« on: April 05, 2021, 08:42:24 PM »
{.set | #frompath | %encoded-folder%.} cannot work because [max contemp downloads] is served as a new page from root and at this point the session is no longer the original page then %encoded- folder% returns / because some %var% are not defined, on the other hand I came across %url% which is the link of the loaded file that allows to deduce the original path
you can either use a global variable but which risks being changed by another user in the same situation or an url variable which will be valid only for the right recipient
you can either use a global variable but which risks being changed by another user in the same situation or an url variable which will be valid only for the right recipient
Code: [Select]
[max contemp downloads]
{.add header|Cache-Control: no-cache, max-age=0.}
{.set|#frompath|{.encodeuri|%url%.}.}
{.redirect|/~server%20is%20busy?path={.encodeuri|{.filepath|%url%.}.}.}
[server is busy|public]
{.set|backpath|{.decodeuri|{.urlvar|path.}.}.}
<!DOCTYPE html><html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<META HTTP-EQUIV="Refresh" CONTENT="3;URL={.^backpath.}">
<TITLE>Busy</TITLE>
<link rel="icon" href="data:,"></head>
<body bgcolor="black" text="white" alink="white" link="white" vlink="white"><center><h2><br>Server is busy.</h2>Returning to previous page...</center>
</body></html>
28
Programmers corner / Re: Template/events for QOS or traffic shaping.
« on: April 05, 2021, 01:46:53 PM »
is this correct? {.set|%encoded-folder%|#frompath.}
always set | #variable | value
this variable will be initiated for all connections, if you plan to use it in an event, you should associate the ip and the name of the user to it in order to target the event
{.set|#frompath|%encoded-folder%;%ip%;%user%;.}
and separate the different fields in the event zone or the section considered
it may seem like a long process, but there is no simplified macro to do this kind of manipulation
this is an example you can verify in menu > debug > run script
result give
everything is based only on the manipulation of the chains
another form of use if the number of elements is not known in advance
or to have it in the real order
always set | #variable | value
this variable will be initiated for all connections, if you plan to use it in an event, you should associate the ip and the name of the user to it in order to target the event
{.set|#frompath|%encoded-folder%;%ip%;%user%;.}
and separate the different fields in the event zone or the section considered
it may seem like a long process, but there is no simplified macro to do this kind of manipulation
this is an example you can verify in menu > debug > run script
Quote
{.set|#frompath|http://127.0.0.1/test;127.0.0.255;MyName;Private message to the user;/set.}
Start = "{.^#frompath.}"
{.comment|Use script only frome here.}
{.set|frompath|{.substring||;|{.^#frompath.}/substring.}/set.}
frompath = "{.^frompath.}"
{.set|#frompath|{.replace|{.^frompath.};||{.^#frompath.}/replace.}/set.}
{.set|ip|{.substring||;|{.^#frompath.}/substring.}/set.}
ip = "{.^ip.}"
{.set|#frompath|{.replace|{.^ip.};||{.^#frompath.}/replace.}/set.}
{.set|user|{.substring||;|{.^#frompath.}/substring.}/set.}
user = "{.^user.}"
{.set|#frompath|{.replace|{.^user.};||{.^#frompath.}/replace.}/set.}
{.set|reply|{.substring||;|{.^#frompath.}/substring.}/set.}
reply = "{.^reply.}"
{.set|#frompath|{.replace|{.^reply.};||{.^#frompath.}/replace.}/set.}
Final = "{.^#frompath.}"
result give
Quote
Start = "http://127.0.0.1/test;127.0.0.255;MyName;Private message to the user;"
frompath = "http://127.0.0.1/test"
ip = "127.0.0.255"
user = "MyName"
reply = "Private message to the user"
Final = ""
everything is based only on the manipulation of the chains
another form of use if the number of elements is not known in advance
Quote
{.set|sep|;.}
{.set|#frompath|http://127.0.0.1/test{.^sep.}127.0.0.255{.^sep.}MyName{.^sep.}Private message to the user{.^sep.}/set.}
Start = "{.^#frompath.}"
{.set|tot|{.count substring|{.^sep.}|{.^#frompath.}.}/set.}
{.set|#nb|{.^tot.}.}
{.while| #nb | {:
{.set|tab[{.^#nb.}]|{.substring||{.^sep.}|{.^#frompath.}/substring.}/set.} {.set|#frompath|{.replace|{.^tab[{.^#nb.}].}{.^sep.}||{.^#frompath.}/replace.}/set.} {.dec|#nb.}
:}/while.}
total items = {.^tot.}
{.for|x|{.^tot.}|1|-1|{:
tab[{.^x.}] = {.^tab[{.^x.}].}:}/for.}
Quote
Start = "http://127.0.0.1/test;127.0.0.255;MyName;Private message to the user;"
total items = 4
tab[4] = http://127.0.0.1/test
tab[3] = 127.0.0.255
tab[2] = MyName
tab[1] = Private message to the user
or to have it in the real order
Quote
{.set|sep|;.}
{.set|#frompath|http://127.0.0.1/test{.^sep.}127.0.0.255{.^sep.}MyName{.^sep.}Private message to the user{.^sep.}/set.}
Start = "{.^#frompath.}"
{.set|tot|{.count substring|{.^sep.}|{.^#frompath.}.}/set.}
{.set|#nb|{.^tot.}.}
{.while| #nb | {:
{.set|idx|{.calc|{.^tot.}-{.^#nb.}+1.}/set.}
{.set|tab[{.^idx.}]|{.substring||{.^sep.}|{.^#frompath.}/substring.}/set.}
{.set|#frompath|{.replace|{.^tab[{.^idx.}].}{.^sep.}||{.^#frompath.}/replace.}/set.}
{.dec|#nb.}
:}/while.}
total items = {.^tot.}
{.for|x|1|{.^tot.}|{:
tab[{.^x.}] = {.^tab[{.^x.}].}:}/for.}
Quote
Start = "http://127.0.0.1/test;127.0.0.255;MyName;Private message to the user;"tab [ x ] is not a real array but a series of variables with different names "tab" + "[" + x + "]"
total items = 4
tab[1] = http://127.0.0.1/test
tab[2] = 127.0.0.255
tab[3] = MyName
tab[4] = Private message to the user
29
Programmers corner / Re: Template/events for QOS or traffic shaping.
« on: April 03, 2021, 01:40:03 PM »
under normal conditions if a download is interrupted the server sends the client a response with Not served: 503 - Overload, this is what should be reproduced instead of performing a sudden disconnection, perhaps a special section with a macro add header, I don't know more, on the other hand there is an event [download] but I don't know how to manage it
you have to look at the list of working variables even if it means creating variables {.set | # var1.} in the sections of the template to reuse them in the event as {. ^ var1.}
you have to look at the list of working variables even if it means creating variables {.set | # var1.} in the sections of the template to reuse them in the event as {. ^ var1.}
30
Everything else / Re: permission
« on: March 30, 2021, 11:05:09 AM »Thanks Mars!
Good to know that the feature was already built-in.
This is what happens when we skip school during basic HFS lessons, we don't know how it works,
the next time you start again you will be deprived of dessert for 1 week