Recent Posts

1

HFS ~ HTTP File Server / HFS v2.x security update AV validation

« Last post by danny on April 01, 2026, 01:11:21 AM »

Thanks! https://openai.com/codex/ seems useful to doublecheck scope of logged in users.   Also, I just had a workout to prevent false-positives from anti-virus. Those guys don't like free software (that industry tries to bill developers); but, I got the job done so that at least Microsoft (windows) and Google (browser) approve of the hfs.exe file.  Anyhow, the newest update that gets an 'okay' from more anti-virus, has exactly the same functions that it did before. 

Currently, I'm working on ways to decrease the workload of bot traffic. And, it is interesting that reduced logging workload can yield spare capacity for richer multimedia content; such as running several sites on one server with each having an individual custom appearance. 

2

HFS ~ HTTP File Server / Re: HFS v2.x security update By DANNY

« Last post by rejetto on March 25, 2026, 08:53:53 AM »

I've just completed another round of security inspection and didn't find anything big.

i suggest you to install codex and ask it to find security bugs by also making a script to verify it's real and not just theory

3

HFS ~ HTTP File Server / Re: Shield for HFS 2

« Last post by rejetto on March 17, 2026, 09:54:28 AM »

you put a lot of effort into keeping hfs 2 working.
is that easier than using hfs 3 ?

4

HFS ~ HTTP File Server / Shield for HFS 2

« Last post by nivigor on February 11, 2026, 01:53:23 PM »

I've been using HFS 2.3x for a long time. Due to security concerns, I use a simple filtering reverse proxy server, https2http. The server only allows requests with certain query strings. By default, only the following queries are allowed: ?recursive, ?tpl=list&folders-filter=%5C&recursive, ?sort=t, ?sort=t&rev=1, ?sort=d, ?sort=d&rev=1, ?sort=n, ?sort=n&rev=1, ?sort=n, ?sort=n&rev=1, ?sort=s, ?sort=s&rev=1, ?sort=e, ?sort=e&rev=1.

However, https2http can work over the HTTPS protocol, but you'll need a domain name and certificates. Getting a free third-level domain name is easy. I got nivigor.mooo.com from FreeDNS. I get Let's Encrypt certificates automatically using Certbot. But certbot use an HTTP request to verify website ownership using a .well-known directory. That's why I use a redirect2https. For requests with the specified path, it can act as a file server, and it redirects other requests to an HTTPS server.
Now my HFS 2.3 is secure and works via the HTTPS protocol, accessible as https://nivigor.mooo.com, and certificates are updated automatically.

I've installed HFS 3 on NAS and will be trying it out slowly.

5

Everything else / registration

« Last post by rejetto on February 01, 2026, 04:24:08 PM »

guys, i've spent 2 hours trying to get emails working again on this forum, but to no avail.
now the it sends emails but they are empty.
things have changed both on my hosting service and on gmail (i used before, to send).
if someone needs an account, you can write to me a@rejetto.com and i'll make one with a temporary password that you can change later.
this seems to be the only way that won't open the doors to the spam bots.
that's it for the time being.

6

HFS ~ HTTP File Server / 2026 security update - Happy New Year!

« Last post by danny on December 23, 2025, 07:19:50 PM »

I've just completed another round of security inspection and didn't find anything big.
However, the update does spend less cpu time on bots, so it can serve more real people.

You can get the update at http://software.run.place  Includes several templates
Example notes updated.  HFS2.3N has translate.  Sturdy 2XF lite runs the distribution server.

There is also a mini  version available here.
It can run bigger templates just fine.

7

HFS ~ HTTP File Server / Re: HFS v2.x security update By DANNY

« Last post by danny on December 14, 2025, 07:32:19 PM »

I agree that a multi-group discussion area is more sustainable, because more topics gets more proportion of actual people traffic.  I guess there's about 2000 HFS2X servers.  There are daily downloads of updated HFS2X, by real people, but not in large numbers.  So far as I know, HFS2X is the only windows server using its own code as the distribution server, without a CDN buffer.  The uses for HFS2X are niche:  The main specialty is to catalog a lot of files any way you want to.  The streaming-list beats the performance of list-before-draw and pagination schemes.  The HFS2X update is router-cooperative so it doesn't need speed-limit, yet it will find and list your files really fast. 

Anti-bot setup with HFS2x:   Currently, the zip with updated HFS2x includes a txt note with anti-bot filter examples you can use in Events (menu).  Also, templates are updated to decreased verbosity for fast recovery and less cpu time.  For files, a recommendable organization is Unbrowsable root folder (left panel, right click /, flags, uncheck browsable), for the purpose of access forwarded (to browseable subfolder) by DNS.  Currently, I have 5 websites (1 hfs server, 1 dynamic dns, and 5 forwarding address that help by specifying folder and port number); and the method is helpful if your ISP blocks port 80 (forwarder answers on 80 and sends to the real folder and port).  The template used by http://software.run.place is actually an edited stripes.tpl using the 'diff template' function to show just for that folder/site.  Also works is making a copy of either throwback.tpl or stripes.tpl named as hfs.diff.tpl putting it into a high volume (or public) folder for which the fast little template is helpful at saving cpu work and data. 

Except for a banip compatible router (or similar) with curated filter lists installed, there really isn't a 'one fell swoop' approach to dropping bot traffic.  Behavior filters, such as use real browser, ban hacky request, forward to a different port, unbrowsable root, can do a cumulative 12% apiece, approximately.  Not one thing will have a big effect, but the combination does.

8

HFS ~ HTTP File Server / Re: HFS v2.x security update By DANNY

« Last post by Mars on December 13, 2025, 03:21:12 PM »

what I am about to say may perhaps sound hard to hear, but it is a reality

times change and people grow older, interests are no longer the same, and very often only nostalgics remain to remember the good old days. Even I have hung up my apron and now consult the forum only as a scrapbook of memories.

the desertification of the forum is mainly due to the absence of former members who no longer come, another reason is that the center of interest has migrated to HFS 3.0, which is accessible for possible exchanges on GitHub where an area is also dedicated to HFS2.x  [https://github.com/rejetto/hfs2](https://github.com/rejetto/hfs2)

the forum here is now closed to the validation of new members, this was a necessary decision because only fake profiles created by BOTs were registering, to give an estimate of the situation there is about a false inscription every 10mn on average in normal attendance at the quietest moments, if the activation of all these accounts were left free,

monitoring possible spam messages would take a lot of unnecessary time, moreover managing to identify a real future member among thousands of registrations is more than random, which is why the counter is closed.

from an external point of view, for a guest the forum can be consulted without restriction and all attachments are accessible, even those you provide; only usage feedback cannot be posted, however exchanges can be made on [https://github.com/rejecto/hfs2/discussions] (https://github.com/rejecto/hfs2/discussions)

9

HFS ~ HTTP File Server / Re: HFS v2.x security update By DANNY

« Last post by danny on December 13, 2025, 05:52:06 AM »

There have been a couple of thousand downloads.  So, I'm curious why there are so few new posts on the forum.  Did that go out of style? 

10

HFS ~ HTTP File Server / HFS2.3M oldstyle "purist" edition

« Last post by danny on November 25, 2025, 01:47:12 PM »

For the improvement adverse:  Minimal change.  HFS-23-m-oldstyle.zip is available at http://software.run.place
Built fresh from HFS2.3M original source, adding Leo's macro security patch, and the exec macro is disabled. 

Not recommended for those new to HFS.   HFS-23-m-oldstyle is for those who wish to avoid/reduce change. 

The older style default template is still included internal to the program.   For somewhat more comfort (optional) there is a considerably more Efficient default.tpl included separately in the zip file; because, it is nice to have the option of. . . not crash during a bot attack. 

Edit:  Also compatible with a pre-2025 hfs.ini file; if you happened to have an old backup handy from original M or K (remember to exit before copying the ini file to the same folder as hfs.exe).  Using the old ini file will simply cause it to go back to work as expected.