Changing HTTP response header

[LeoNeeson]

OK, I've started a new thread to keep this organized. This post started here, and the question was: How to change the HTTP response header "Server" (or any other string in the header) using Macros? ("Server" is a string that displays the name of the server, and it shows the HFS version). If you don't know what I'm talking about, use a Download Manager that show this info (for example, I'm using FlashGet).

Suggestions and examples are welcome.

[LeoNeeson]

@Mars: Using your macro code, here are my tests. I edit the default template, by going to Menu > HTML Template > Edit... using HFS in Expert mode (or by pressing F6). Then, I put your code after this:

Code: [Select]

[+special:strings]
option.paged=1
COMMENT this option causes your file list to be paged by default
And also tried to put it in [special:begin] but it was the same.

In your code, I've changed what is marked in red here (just for testing):

    if name = 'HFS' then
      if satisfied(md.cd) then
        begin
        result:='Apache';

...and the result is: this is not working.

I guess this is because I'm inserting your code in a wrong place, or because what I've changed was not right. It would be great if you have an example or say me WHERE to put your code, and WHAT to change (marking it in red).

Thank you.

[bmartino1]

http://www.rejetto.com/wiki/index.php?title=HFS:_scripting_commands

it looks like your were trying to run a program on the satisfied string/Boolean value...

i would assume that execute will be played here...

from what i learned and what has been found on the forum by other users, the special string

Code: [Select]

[+special:strings]
option.paged=1
COMMENT this option causes your file list to be paged by default
Goes into the default template for all sites, or the (house) root properties "different template tab" of a folder...

so it also looks like your trying to start and stop an Apache sided server (to fulfill) plugins when a specific request is sent. so make HFS have all its tricks, but when something like php, have it switch to Apache...) something like that...

either way, i think mars/rejeto/silentplz/raybob would be better help for you in regards to scripting at a certain request...
I believe that is something that has to be made in the source, not the macro scripts or the templates...

[LeoNeeson]

Thanks bmartino1, but no, it doesn't have anything to do with Apache or running a program. This is how HFS identifies itself when someone get/download a file from our server. This is also being called as Server Signature (similar to browser's User Agent). This is a HTTP header value.

When some does a HTTP request to a file, HFS identifies itself as:

Code: [Select]

Server: HFS 2.3h
The same way, Apache server identifies itself as:

Code: [Select]

Server: Apache/2.2.17 (Win32) PHP/5.2.17
You may wonder why you may want to change this? The answer is simple: "just for fun" or "to protect our server" (since each version -of almost any server- has some deficiencies that could be exploited, and a hacker who knows your version number may benefit from it by focused attacks). You may read about this here (they talk there about Apache in that article, but the "server signature" also exist on HFS, and on almost every server).

You can test any Server Signature here: http://security.firewallmonitor.org/

Well, I expect mars/rejetto/silentplz/raybob have an answer for this, I mean a macro to change this value (or any other HTTP header value).

[Mars]

How to change the HTTP response header "Server" (or any other string in the header) using Macros?

After unsuccessfully sought an outcome by changing the Delphi code, it appeared that the solution was simple.
anywhere in the template, it is possible to add a header using a macro as follows model

{.add header|A: B, C, D.}

an example give Cache-Control: no-cache, no-store, must-revalidate, max-age=-1

if a previous header exist as  A: F then the final header become A: F, B, C, D

using macro {.add header|Server: APACHE.} give as result Server: HFS 2.3h, APACHE

if you want to remove this HFS + version that annoy you, this is not feasible using a macro

go to menu > other options, and uncheck "Send HFS Identifier"

 

[LeoNeeson]

go to menu > other options, and uncheck "Send HFS Identifier"

Tested and working!

anywhere in the template, it is possible to add a header using a macro as follows model
using macro {.add header|Server: APACHE.} give as result Server: HFS 2.3h, APACHE

That doesn't work...

Adding this {.add header|Server: Apache.} or any other string, doesn't have any effect on the HTTP header.

Where do you added? (have you tested it?). You said "any place" in the template, but it doesn't work if I put it anywhere. I've tested having the "Send HFS Identifier" option enabled and disabled, but it's the same. I've tried putting that in the [special:begin] section, but it's the same. Reading the Wiki, it should work, but it doesn't.

[Mars]

I'm watching the headers send by HFS using the plugin HttpFox under Firefox and the macro behavior is correct, tested with default template of hfs 2.3h

it seems that occasionally the added header is not effective. to check its proper implementation I included in a log macro

Code: [Select]

[+]
{.add to log|{.add header|Server:APACHE.}Macro ADD HEADER executed.}
HFS log:
14:45:23 127.0.0.1:1846 Macro ADD HEADER executed

HttpFox report:
(Status-Line)   HTTP/1.1 200 OK
Content-Type   text/html
Content-Length   2104
Accept-Ranges   bytes
Cache-Control   no-cache, no-store, must-revalidate, max-age=-1
Server   APACHE
Content-Encoding   gzip

[LeoNeeson]

Code: [Select]

[+]
{.add to log|{.add header|Server:APACHE.}Macro ADD HEADER executed.}

It's very odd, it doesn't even get that logged ("Macro ADD HEADER executed" is not showing in the HFS log). I've added your code before [+special:strings] and tried several times, saving and restarting HFS, but it's not working and that text is not shown in the logs. Maybe it's because I'm using Windows XP?...

Tested using HttpFox and FlashGet, but that text ("Macro ADD HEADER executed") doesn't get logged. And it should get logged if the macro is executed, right?... Very strange...

Here's the HttpFox report:

Code: [Select]

(Status-Line) HTTP/1.1 200 OK
Content-Type application/octet-stream
Content-Range bytes 25305088-25305813/25305814
Content-Length 726
Accept-Ranges bytes
Server HFS 2.3h
Last-Modified Fri, 22 Jan 2016 09:35:26 GMT
Content-Disposition attachment; filename="Test.rar";
HFS log:

22:15:25 127.0.0.1:1776 Requested GET /Folder/Test.rar
22:15:25 127.0.0.1:1776 Fully downloaded - 726 @ 44.3 KB/s - /Folder/Test.rar

Well, don't worry, maybe it's easier if Rejetto add an option in the HFS.ini to customize the Server name (and the cookie name). But that's if he wants and have free time (since it's not an important feature).

Thank you anyway Mars.
If anyone comes with another macro solution (or where to write it), it's welcome.

Cheers,
Leo.-

[Mars]

Code: [Select]

[+]
{.add to log|{.add header|Server:APACHE.}Macro ADD HEADER executed.}
a section named [A] may have several sections called [+ A], but those should be placed after this one

Code: [Select]

[] is the main section, his child section

Code: [Select]

[+ ] must be added  after this one in the template,  never before otherwise it will be ignored

Tested using HttpFox and FlashGet, but that text ("Macro ADD HEADER executed") doesn't get logged. And it should get logged if the macro is executed, right?... Very strange...

I found the same problem, I guess you have edited the template using the F6 key from HFS, which runs NP ++,

this is not the best way because as it NP++ causes loss of hfs.tpl file is renamed to a temporary file by np ++, then hfs uses the internal default template

I suggest you to edit the template directly by loading the file  hfs.tpl in NP ++, each refresh of web page force HFS to nalysis the file date to determine whether an update of the model was carried out and if it does recharge it the file to replace the model cached
----------
HFS has a light youthful fault with headers, I have a solution but I must expose the problem to Rejetto to correct it and extend the functionality of the ADD HEADER macro, so that its functioning is correct.

PS:
Look at your mailbox sending a zip (template + exe) passed trough virscan.org without virus 

[LeoNeeson]

a section named [A] may have several sections called [+ A], but those should be placed after this one

Good to know, I didn't know that.

I found the same problem, I guess you have edited the template using the F6 key from HFS, which runs NP ++,

That's right, I was using F6 to edit the template. From now on, I'll close HFS first, and then I'll open the template with NP++, to be sure.

HFS has a light youthful fault with headers, I have a solution but I must expose the problem to Rejetto to correct it and extend the functionality of the ADD HEADER macro, so that its functioning is correct.

PS:
Look at your mailbox sending a zip (template + exe) passed trough virscan.org without virus 

Good. (I guess this message was for Rejetto, right?)

[LeoNeeson]

Are there any news on this?...

[Mars]

Have a look at this beta version

NOTE:
Specially to have the head 'Server: HFS 2.3' replaced by the desired value in all reply requests, do not add it into the template, but put it in the events file hfs.events at section

Code: [Select]

[pre-filter-request]
{.add header|Server:HFS LeoNeeson.}

[LeoNeeson]

Cool! It's working perfect!

I don't know what you changed in the source code, but you should submit the changes to Rejetto, so he can include it in the next version. Nice work!.

[RedyAu]

Hi!
I believe "necroposting" may be forgiven this time, as I think this might be a relevant question for anyone finding this in the future.
The above described way of setting a response header for the whole page in general works, but it doesn't "cascade" to all files contained within.
I have a constantly updating image on this link:
.
 What I'd like to do is set a no-cache header so that I can use it on other sites and not have it cached, so it updates.
Is there any way to achieve per-file header settings, or just a way to set headers returned for all files? I wouldn't mind all files served with this header either.

[danny]

Here is the events file that I use to cause caching
At hfs console, press Alt+F6 to edit events file

Code: [Select]

[+request]
{.if|{.match|*.jpg;*.JPG;*.jpeg;*.gif;*.png;*.ico;*.mp3;*.mp4;*.mkv;/*img*;*.js|%url%.}|{:{.add header|Cache-Control: public, max-age=604800.}{.add header|Vary: Accept-Encoding.}:}.}
for no cache {.add header|Cache-Control: no-cache, max-age=0.}