rejetto forum


Messages - danny

1
HFS ~ HTTP File Server / Re: HFS v2.x security update By DANNY
« on: September 08, 2025, 11:18:50 PM »
The K and N versions are in preservation mode (least change). 

For future needs, HFS2x requires a clean Lite version.
Then larger changes happen to only the Lite version.
This is actually protecting the K and N stable versions.

The Lite version has fewer features but is more suitable for odd jobs like serving 400,000 documents to mobile phones.

Edit 10.09.2025:
posted lite-2xc to http://software.run.place.
It works like a "K" version, of slightly higher capacity.

2
HFS ~ HTTP File Server / HFS v2.4, and security update By DANNY
« on: August 09, 2025, 02:58:45 AM »
Thanks Leo!   A lot of your suggestions were incorporated into these new versions.  I really would have been lost without your help with it. 
I do like the idea of supporting the many installs of HFS2x, by providing an option for stable and secure.

And now we have the HFS2.4 template, able to run on our stable and secure version of HFS 2x.
Contributors:  Rejetto, DJ, Rapid, NaitLee, Mars, LeoNeeson, SilentPliz, Danny, Bmartino

Large Folder Capable!  No Slow Paging!   It has a non-blocking streaming list.
Also has auto-ban for excessive 404/login; that doesn't apply to logged-in users.
HFS native upload pages used for data integrity and many-files upload capacity.
It has browser native icons and native javascript, for saving data and going fast.

Consider this an HFS2.3 > 2.4 adapter, because most of the work in 2.4 was the template itself.
*the template is in the zip files with security-patched HFS from http://software.run.place

3
New versions of Throwback are included in the .zip file with the security-patched editions of HFS.
https://rejetto.com/forum/index.php?topic=13703.0

4
The suggestion that I got, was (paraphrase):  Disable the .exec macro, to help folks sleep better at night. 

Although a collection of new filters still prevent macro run from remote... yet it is even more comfortable to know exactly what the .exec macro will do.
So, for "p5" (security patch level 5), the .exec macro function has been changed to make a log entry on-screen, and .exec does nothing else at all.

HFS2.3K_299p5 and HFS2.3N_301p5 are available http://software.run.place

P.S. 
The "K" has tighter timings ideal with the faster templates like throwback and stripes, or
The "N" has the language feature and longer timings to tolerate feature-filled templates.
These new 2025 editions are built from a cleaned-up and stable version of HFS.
Edit:  Now we might want to try for a community edition.
 

5
HFS ~ HTTP File Server / Re: HFS v2.x By DANNY
« on: July 24, 2025, 12:22:18 AM »
HFS2.3N is released
And the server you'd download from is running the same version of HFS2.3N


It has:
Added security filter from Leo (result is auto ban) for hfs-specific
Added security filters from me (result inactivated) for unspecified
Added Leo's skip the loop filter for graph workload (no load if feature unused)
Added Leo's skip the loop filter for limiter workload (reduced load if feature unused)
Shielded archive links (logged-in users may archive, bots cannot)
Removed version "M" bugged headers mod (to avoid disrupting the data flow)
Removed operationally reliant hardcoded external reference (was outdated)


6
HFS ~ HTTP File Server / Re: HFS v2.x By DANNY
« on: July 11, 2025, 10:06:03 PM »
Speedup: 
locate hfs23-K-patched3.zip and you can test it out. 
http://software.run.place
It is running that same copy of HFS2.3K, with the macros on.

Thanks to Leo for help in bypassing the always-on limiters, and this prevents freezes.  Also, I raised the console TTL so the UI stays responsive. 

 Edit:  For round 3:  Thanks to Leo for updated code that blocks hfs-specific attack, in the .exe, without reliance on any particular template.  So, you can use any template that you want to.
 
Included in the zip file is now the legacy default template for HFS2.3M, and I have altered it slightly, so it can run well on the security-patched edition of HFS2.3K.  There is the unicode font added to the stylesheet, some necessary size adjustment, and it does not overwork the system icon code.

7
HFS ~ HTTP File Server / Re: HFS v2.x By DANNY
« on: July 09, 2025, 12:30:32 AM »
For patched version of HFS2.3K, I've added many layers of defense. . . and *Might have solved/reduced the gigabit freeze problem. 
http://software.run.place
locate hfs23-K-patched.zip and you can test it out. 
The site to download it, is running that same copy of HFS2.3K, with the macros on. 

9
HFS ~ HTTP File Server / HFS v2.x security update By DANNY
« on: July 02, 2025, 04:30:29 PM »
Hi Leo!  Thanks for the reply.  Thanks for the compiling guide! 

Patched edition available at http://software.run.place


10
Edit:  Here is an approach with Auto-Ban.   This will not catch everything--keep scrolling, several posts further down.
In hfs.events (Alt+F6):
Code:
[+request]
{.if|{.match|*filter=*.exec*;*search=*.exec*;*.exec*;*%host%*;*_host_*;*cmd.exe*;*&cmd=*;*powershell+*;*/wp-includes/*|%url%.}|{:
{.set|n|{.from table|#tries|%ip%.}.}{.inc|n.}{.set table|#tries|%ip%={.^n.}.}
{.if|{.{.^n.} > 0.}|{:
{.set ini|ban-list={.no pipe|{.from table|#ini|ban-list.}%ip%#AutoBan {.time.}.}.}{.set table|#tries|%ip%=0.}
:}/if.}
{.disconnect.}{.add to log|%ip% %user% BANNED FOR POSSIBLE SECURITY THREAT.}:}.}
Note:  This is possibly useful in combination with the TINYWALL firewall project, an egress blocking firewall, whereby you'd let through (allow) your web browser, HFS (possibly unblock lan), and very little else.  Newer version or there is also older version (for older server).
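
An added example, not part of the original post or of HFS: a Python replay harness for checking offline what the auto-ban rule above would do to a set of requests before enabling it. It assumes the `.match` masks behave like case-insensitive `*` wildcards on the percent-decoded URL, leaves out the two host-related masks because their expansion by HFS is not modeled, and uses constructed sample requests.

```python
from fnmatch import fnmatchcase
from urllib.parse import unquote

# Masks copied from the post's {.match|...|%url%.} list, minus the two
# host-related entries (their expansion by HFS is not modeled here).
MASKS = ["*filter=*.exec*", "*search=*.exec*", "*.exec*", "*cmd.exe*",
         "*&cmd=*", "*powershell+*", "*/wp-includes/*"]

def normalize(url):
    # Assumption: match case-insensitively on the percent-decoded URL.
    return unquote(url).lower()

def matched_mask(url):
    """Return the first mask that matches the URL, or None."""
    u = normalize(url)
    for mask in MASKS:
        if fnmatchcase(u, mask):
            return mask
    return None

def replay(requests, threshold=0):
    """Replay (ip, url) pairs; return (banned, served).

    banned maps ip -> (url, mask) that triggered the ban.
    threshold=0 mirrors the post's "> 0" test: ban on the first match.
    """
    tries, banned, served = {}, {}, []
    for ip, url in requests:
        if ip in banned:
            continue                      # already on the ban list
        mask = matched_mask(url)
        if mask is None:
            served.append((ip, url))
            continue
        tries[ip] = tries.get(ip, 0) + 1  # per-IP counter, like #tries
        if tries[ip] > threshold:
            banned[ip] = (url, mask)
            tries[ip] = 0
        # a matching request is disconnected whether or not it was banned
    return banned, served

# Constructed sample requests (documentation IP ranges, made-up paths).
SAMPLE = [
    ("198.51.100.7", "/wp-includes/wlwmanifest.xml"),
    ("192.0.2.10", "/docs/report.pdf"),
    ("192.0.2.10", "/docs/Q3.Executive-Summary.pdf"),  # ordinary file name
    ("192.0.2.10", "/docs/index.html"),
    ("203.0.113.5", "/?mode=list&cmd=x"),
]
```

Running `replay(SAMPLE)` shows the broad `*.exec*` mask banning a visitor for opening a file whose name happens to contain ".exec", so check your own file names against the masks or raise the threshold before relying on a first-hit ban.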

11
Beta / Re: version 2.4
« on: October 27, 2022, 11:07:51 PM »
. . . it just stops taking new connections, switching the server off and then on fixes it, I couldn't find why this happens and had to resort to run a script that checks 24x7 if hfs is not accepting downloads and kills it and runs it again.
Do you use the Watchcat2 script? https://rejetto.com/forum/index.php?action=dlattach;topic=12055.0;attach=9809

The stuck/off server is made worse by running limits (hfs menu > limits) that make HFS get more busy and stuck more often.
The Worst is Speed limit.  Instead of HFS speed limit, you could spend 3 dollars on a 100 megabit USB2 adapter, assign it a fixed address and assign HFS to the megabit>USB adapter's ip address.   If you were to accidentally get a gigabit adapter, (and therefore get stuck), just go to properties of the network adapter and manually set 100-half.  This also applies to single-thread versions of most web servers. 

Upload and download at the same time will probably get stuck if the connection speed is high.  Perhaps a clever programmer could figure out complete lockout/tagout logic to thoroughly prevent simultaneous uploads+downloads?  The problem is not severe at 100megabit and lower speeds. 

Edit: HFS2.4 RC7 has 'archive-only-selected' for overload protection; however, earlier versions can try to download the entire server with just one click on the archive button (stuck in 1 click).  Possible fixes include search and disable the recursive function. . . Or switch to the RC7 template or takeback or throwback or stripes.  Since the archive feature makes .tar files that the user doesn't want, removing the archive button is an option. 

EDIT:  See HFS 3 https://github.com/rejetto/hfs

12
HFS ~ HTTP File Server / Re: a new beginning...
« on: January 14, 2022, 02:45:11 PM »
...It's not even a problem of "it's hard to edit it" because you almost CAN'T do it. You are not supposed to, because it's against the kind of technology used there. That's why I'm trying to do the job through plugins.
Editing the template was a big plus of HFS2, but also a huge problem...with consequences on functionality...
I think that the plugins method in HFS3 is a great improvement.

Comparison, I think:
HFS2x standalone templates = get the new feature you wanted but lose 3 more, or
HFS3x plugins = get the new feature you wanted, without losing other features. 

That is a lot different.  Thanks!!


13
HTML & templates / Re: Stripes, the template for simple and easy.
« on: January 14, 2022, 02:08:16 PM »
What happened with Stripes4.6c_Black
The dark theme was anti-purpose; because Stripes is supposed to be a professional-looking clear clean easy view. 
It was also difficult to update 4 separate files.  For more options, on Line 5 is body{background:#E6EBFA where you could edit for any background...

14
HTML & templates / Re: About "hits"
« on: January 13, 2022, 09:12:15 PM »
nice suggestion,  i will consider unicode icons as a fallback
It is the way. 
🐈

15
HTML & templates / Re: Stripes, the template for simple and easy
« on: January 13, 2022, 07:49:08 PM »
If you wanted to streamline/speed one folder (such as a Public/Guest folder or enormous/unorganized folder), you can so easily rename the Stripes template file to hfs.diff.tpl (if your Windows is not set to show .extensions then rename the template to hfs.diff); and then, save it into that particularly needy folder. 
This idea works even if the majority of your server didn't use Stripes.
