Recent Posts

1

HFS ~ HTTP File Server / Re: Shield for HFS 2

« Last post by danny on Today at 02:52:09 PM »

To make all of your icons show on page load:  Limits menu > Prevent leeching > disable/uncheck
That will allow more download concurrency so the *.gif icons and chat frame can be sent simultaneously.
Probably also right click vfs (house icon) at the console, properties > file masks > add to don't consider as download  ;*.gif;*.js 
And, for that template, console Menu > VirtualFileSystem > use system icons > disable/uncheck  (when template doesn't use that)

I hadn't seen the chat-enabled version of HFS before.  Very cool!
The older template attached to that post has been converted to unicode icons, avoiding separate files.  I converted it so that a busy server could keep more capacity to send files.  Perhaps that gives an example on how to convert your template so it uses less requests per page view. 

P.S.
Thanks for making available the HTTPS converter and filter.  I like the whitelist approach.  When I made the security & stability updates for HFS2.3K,M,N, 2xF, then I also had to require login for archive, to stop bots from making hundreds of .tar files.  I wouldn't suggest a default of both recursive and archive, unless the user is logged in. 

2

HFS ~ HTTP File Server / Shield for HFS 2

« Last post by nivigor on February 11, 2026, 01:53:23 PM »

I've been using HFS 2.3x for a long time. Due to security concerns, I use a simple filtering reverse proxy server, https2http. The server only allows requests with certain query strings. By default, only the following queries are allowed: ?recursive, ?tpl=list&folders-filter=%5C&recursive, ?sort=t, ?sort=t&rev=1, ?sort=d, ?sort=d&rev=1, ?sort=n, ?sort=n&rev=1, ?sort=n, ?sort=n&rev=1, ?sort=s, ?sort=s&rev=1, ?sort=e, ?sort=e&rev=1.

However, https2http can work over the HTTPS protocol, but you'll need a domain name and certificates. Getting a free third-level domain name is easy. I got nivigor.mooo.com from FreeDNS. I get Let's Encrypt certificates automatically using Certbot. But certbot use an HTTP request to verify website ownership using a .well-known directory. That's why I use a redirect2https. For requests with the specified path, it can act as a file server, and it redirects other requests to an HTTPS server.
Now my HFS 2.3 is secure and works via the HTTPS protocol, accessible as https://nivigor.mooo.com, and certificates are updated automatically.

I've installed HFS 3 on NAS and will be trying it out slowly.

3

Everything else / registration

« Last post by rejetto on February 01, 2026, 04:24:08 PM »

guys, i've spent 2 hours trying to get emails working again on this forum, but to no avail.
now the it sends emails but they are empty.
things have changed both on my hosting service and on gmail (i used before, to send).
if someone needs an account, you can write to me a@rejetto.com and i'll make one with a temporary password that you can change later.
this seems to be the only way that won't open the doors to the spam bots.
that's it for the time being.

4

HFS ~ HTTP File Server / 2026 security update - Happy New Year!

« Last post by danny on December 23, 2025, 07:19:50 PM »

I've just completed another round of security inspection and didn't find anything big.
However, the update does spend less cpu time on bots, so it can serve more real people.

You can get the update at http://software.run.place  Includes several templates
HFS2.3N has translate.  Sturdy 2XF lite runs the distribution server.

There is also a mini  version available here.
It can run bigger templates just fine.

5

HFS ~ HTTP File Server / Re: HFS v2.x security update By DANNY

« Last post by danny on December 14, 2025, 07:32:19 PM »

I agree that a multi-group discussion area is more sustainable, because more topics gets more proportion of actual people traffic.  I guess there's about 2000 HFS2X servers.  There are daily downloads of updated HFS2X, by real people, but not in large numbers.  So far as I know, HFS2X is the only windows server using its own code as the distribution server, without a CDN buffer.  The uses for HFS2X are niche:  The main specialty is to catalog a lot of files any way you want to.  The streaming-list beats the performance of list-before-draw and pagination schemes.  The HFS2X update is router-cooperative so it doesn't need speed-limit, yet it will find and list your files really fast. 

Anti-bot setup with HFS2x:   Currently, the zip with updated HFS2x includes a txt note with anti-bot filter examples you can use in Events (menu).  Also, templates are updated to decreased verbosity for fast recovery and less cpu time.  For files, a recommendable organization is Unbrowsable root folder (left panel, right click /, flags, uncheck browsable), for the purpose of access forwarded (to browseable subfolder) by DNS.  Currently, I have 5 websites (1 hfs server, 1 dynamic dns, and 5 forwarding address that help by specifying folder and port number); and the method is helpful if your ISP blocks port 80 (forwarder answers on 80 and sends to the real folder and port).  The template used by http://software.run.place is actually an edited stripes.tpl using the 'diff template' function to show just for that folder/site.  Also works is making a copy of either throwback.tpl or stripes.tpl named as hfs.diff.tpl putting it into a high volume (or public) folder for which the fast little template is helpful at saving cpu work and data. 

Except for a banip compatible router (or similar) with curated filter lists installed, there really isn't a 'one fell swoop' approach to dropping bot traffic.  Behavior filters, such as use real browser, ban hacky request, forward to a different port, unbrowsable root, can do a cumulative 12% apiece, approximately.  Not one thing will have a big effect, but the combination does.

6

HFS ~ HTTP File Server / Re: HFS v2.x security update By DANNY

« Last post by Mars on December 13, 2025, 03:21:12 PM »

what I am about to say may perhaps sound hard to hear, but it is a reality

times change and people grow older, interests are no longer the same, and very often only nostalgics remain to remember the good old days. Even I have hung up my apron and now consult the forum only as a scrapbook of memories.

the desertification of the forum is mainly due to the absence of former members who no longer come, another reason is that the center of interest has migrated to HFS 3.0, which is accessible for possible exchanges on GitHub where an area is also dedicated to HFS2.x  [https://github.com/rejetto/hfs2](https://github.com/rejetto/hfs2)

the forum here is now closed to the validation of new members, this was a necessary decision because only fake profiles created by BOTs were registering, to give an estimate of the situation there is about a false inscription every 10mn on average in normal attendance at the quietest moments, if the activation of all these accounts were left free,

monitoring possible spam messages would take a lot of unnecessary time, moreover managing to identify a real future member among thousands of registrations is more than random, which is why the counter is closed.

from an external point of view, for a guest the forum can be consulted without restriction and all attachments are accessible, even those you provide; only usage feedback cannot be posted, however exchanges can be made on [https://github.com/rejecto/hfs2/discussions] (https://github.com/rejecto/hfs2/discussions)

7

HFS ~ HTTP File Server / Re: HFS v2.x security update By DANNY

« Last post by danny on December 13, 2025, 05:52:06 AM »

There have been a couple of thousand downloads.  So, I'm curious why there are so few new posts on the forum.  Did that go out of style? 

8

HFS ~ HTTP File Server / HFS2.3M oldstyle "purist" edition

« Last post by danny on November 25, 2025, 01:47:12 PM »

For the improvement adverse:  Minimal change.  HFS-23-m-oldstyle.zip is available at http://software.run.place
Built fresh from HFS2.3M original source, adding Leo's macro security patch, and the exec macro is disabled. 

Not recommended for those new to HFS.   HFS-23-m-oldstyle is for those who wish to avoid/reduce change. 

The older style default template is still included internal to the program.   For somewhat more comfort (optional) there is a considerably more Efficient default.tpl included separately in the zip file; because, it is nice to have the option of. . . not crash during a bot attack. 

Edit:  Also compatible with a pre-2025 hfs.ini file; if you happened to have an old backup handy from original M or K (remember to exit before copying the ini file to the same folder as hfs.exe).  Using the old ini file will simply cause it to go back to work as expected. 

9

Everything else / Re: Saying Hi again :)

« Last post by rejetto on November 18, 2025, 07:17:58 AM »

i'm glad to see you again and well
good luck with your projects!

10

HFS ~ HTTP File Server / Re: HFS v2.x security update By DANNY

« Last post by danny on November 16, 2025, 05:18:13 PM »

Enjoy summer break!  Perfect timing.  I need to hunt for a better job this season.  HFS is doing fine because there's nothing to fix other than keeping ahead of new browser changes. 

The development/lite version finally showed the progress it was made for--At version 2XF, features can be added to it and it will still run stable.  Thanks for the advice on WinMerge, to analyze differences.  Very helpful!   

Edit:  In December, there's some template updates for dealing with internet noise/bots more efficiently.  https://cybernews.com/security/scam-bots-hitting-website-can-lead-to-financial-loss/  There is also a little txt file included with some bot filter examples for hfs events (menu).   The events filters have been working well for the download server.