Recent Posts

1

HFS ~ HTTP File Server / HFS2x Update Project Complete

« Last post by danny on April 01, 2026, 01:11:21 AM »

Thanks!  However, this particular project completed satisfactorily. 
Approximately 4000 of HFS2x servers are updated.
The lite version keeps up with 300+ megabit fiber internet.
It is very conservative with drive access, for compatibility with mechanical drives.
It is easy to do significant appearance customization without creating software code to do so.
CVE's blocked, performance doubled, limits validated, crash bug deleted, on/off bug bypassed, exec disabled.

Download Links:
The same lite version running my server:  https://startfetch.com/hfs/HFS2x_2026.zip
Also available:  a translate version (the link is http) 'drop-in' update for HFS2.3.

Or HFS Lite S (most popular) or HFS Lite T that are are stored on the forum at 1/2 megabyte size; Use peazip or zpaq to uncompress.

Notes:
1). This lite version has a small efficient onboard template.  A collection of larger templates for HFS Lite, is attached below.  If you have a large template set as primary, you can still use others this way:  The view can be customized, such as make a copy of stripes or throwback, named hfs.diff.tpl and dropping that in a folder, can change the view for that particular folder.  The method is handy for a clean straightforward distribution folder. 
2). Good security practice for HFS2x is to make the root folder non-browsable.  To achieve it:  Look at the left-side panel 'Virtual File System' (vfs), Right-click (house icon) / and then properties. Of the tabs at the top of the properties menu, choose Flags, and clear the Browsable checkbox.  And, then make a browsable subfolder (preferably password protected).  For access, you could just type the subfolder-name after your dynamic dns address, Or, it is possible to refer to that subfolder by an online redirector/frameset. 

2

HFS ~ HTTP File Server / Re: HFS v2.x security update By DANNY

« Last post by rejetto on March 25, 2026, 08:53:53 AM »

I've just completed another round of security inspection and didn't find anything big.

i suggest you to install codex and ask it to find security bugs by also making a script to verify it's real and not just theory

3

HFS ~ HTTP File Server / Re: Shield for HFS 2

« Last post by rejetto on March 17, 2026, 09:54:28 AM »

you put a lot of effort into keeping hfs 2 working.
is that easier than using hfs 3 ?

4

HFS ~ HTTP File Server / Shield for HFS 2

« Last post by nivigor on February 11, 2026, 01:53:23 PM »

I've been using HFS 2.3x for a long time. Due to security concerns, I use a simple filtering reverse proxy server, https2http. The server only allows requests with certain query strings. By default, only the following queries are allowed: ?recursive, ?tpl=list&folders-filter=%5C&recursive, ?sort=t, ?sort=t&rev=1, ?sort=d, ?sort=d&rev=1, ?sort=n, ?sort=n&rev=1, ?sort=n, ?sort=n&rev=1, ?sort=s, ?sort=s&rev=1, ?sort=e, ?sort=e&rev=1.

However, https2http can work over the HTTPS protocol, but you'll need a domain name and certificates. Getting a free third-level domain name is easy. I got nivigor.mooo.com from FreeDNS. I get Let's Encrypt certificates automatically using Certbot. But certbot use an HTTP request to verify website ownership using a .well-known directory. That's why I use a redirect2https. For requests with the specified path, it can act as a file server, and it redirects other requests to an HTTPS server.
Now my HFS 2.3 is secure and works via the HTTPS protocol, accessible as https://nivigor.mooo.com, and certificates are updated automatically.

I've installed HFS 3 on NAS and will be trying it out slowly.

5

Everything else / registration

« Last post by rejetto on February 01, 2026, 04:24:08 PM »

guys, i've spent 2 hours trying to get emails working again on this forum, but to no avail.
now the it sends emails but they are empty.
things have changed both on my hosting service and on gmail (i used before, to send).
if someone needs an account, you can write to me a@rejetto.com and i'll make one with a temporary password that you can change later.
this seems to be the only way that won't open the doors to the spam bots.
that's it for the time being.

6

HFS ~ HTTP File Server / 2026 security update - Happy New Year!

« Last post by danny on December 23, 2025, 07:19:50 PM »

I've just completed another round of security inspection and didn't find anything big.
However, the update does spend less cpu time on bots, so it can serve more real people.

The new Lite version is available here.
It can run bigger templates just fine.

7

HFS ~ HTTP File Server / Re: HFS v2.x security update By DANNY

« Last post by danny on December 14, 2025, 07:32:19 PM »

I agree that a multi-group discussion area is more sustainable, because more topics gets more proportion of actual people traffic.  I guess there's about 2000 HFS2X servers.  There are daily downloads of updated HFS2X, by real people, but not in large numbers.  So far as I know, HFS2X is the only windows server using its own code as the distribution server, without a CDN buffer.  The uses for HFS2X are niche:  The main specialty is to catalog a lot of files any way you want to.  The streaming-list beats the performance of list-before-draw and pagination schemes.  The HFS2X update is router-cooperative so it doesn't need speed-limit, yet it will find and list your files really fast. 

Anti-bot setup with HFS2x:   Currently, the zip with updated HFS2x includes a txt note with anti-bot filter examples you can use in Events (menu).  Also, templates are updated to decreased verbosity for fast recovery and less cpu time.  For files, a recommendable organization is Unbrowsable root folder (left panel, right click /, flags, uncheck browsable), for the purpose of access forwarded (to browseable subfolder) by DNS.  Currently, I have 5 websites (1 hfs server, 1 dynamic dns, and 5 forwarding address that help by specifying folder and port number); and the method is helpful if your ISP blocks port 80 (forwarder answers on 80 and sends to the real folder and port).  You can make a copy of either throwback.tpl or stripes.tpl named as hfs.diff.tpl putting it into a high volume (or public) folder for which the fast little template is helpful at saving cpu work and data. 

Except for a banip compatible router (or similar) with curated filter lists installed, there really isn't a 'one fell swoop' approach to dropping bot traffic.  Behavior filters, such as use real browser, ban hacky request, forward to a different port, unbrowsable root, can do a cumulative 12% apiece, approximately.  Not one thing will have a big effect, but the combination does.

8

HFS ~ HTTP File Server / Re: HFS v2.x security update By DANNY

« Last post by Mars on December 13, 2025, 03:21:12 PM »

what I am about to say may perhaps sound hard to hear, but it is a reality

times change and people grow older, interests are no longer the same, and very often only nostalgics remain to remember the good old days. Even I have hung up my apron and now consult the forum only as a scrapbook of memories.

the desertification of the forum is mainly due to the absence of former members who no longer come, another reason is that the center of interest has migrated to HFS 3.0, which is accessible for possible exchanges on GitHub where an area is also dedicated to HFS2.x  [https://github.com/rejetto/hfs2](https://github.com/rejetto/hfs2)

the forum here is now closed to the validation of new members, this was a necessary decision because only fake profiles created by BOTs were registering, to give an estimate of the situation there is about a false inscription every 10mn on average in normal attendance at the quietest moments, if the activation of all these accounts were left free,

monitoring possible spam messages would take a lot of unnecessary time, moreover managing to identify a real future member among thousands of registrations is more than random, which is why the counter is closed.

from an external point of view, for a guest the forum can be consulted without restriction and all attachments are accessible, even those you provide; only usage feedback cannot be posted, however exchanges can be made on [https://github.com/rejecto/hfs2/discussions] (https://github.com/rejecto/hfs2/discussions)

9

HFS ~ HTTP File Server / Re: HFS v2.x security update By DANNY

« Last post by danny on December 13, 2025, 05:52:06 AM »

There have been a couple of thousand downloads.  So, I'm curious why there are so few new posts on the forum.  Did that go out of style? 

10

Everything else / Re: Saying Hi again :)

« Last post by rejetto on November 18, 2025, 07:17:58 AM »

i'm glad to see you again and well
good luck with your projects!