I've been using HFS 2.3x for a long time. Due to security concerns, I use a simple filtering reverse proxy server,
https2http. The server only allows requests with certain query strings. By default, only the following queries are allowed:
?recursive, ?tpl=list&folders-filter=%5C&recursive, ?sort=t, ?sort=t&rev=1, ?sort=d, ?sort=d&rev=1, ?sort=n, ?sort=n&rev=1, ?sort=n, ?sort=n&rev=1, ?sort=s, ?sort=s&rev=1, ?sort=e, ?sort=e&rev=1.
However, https2http can work over the HTTPS protocol, but you'll need a domain name and certificates. Getting a free third-level domain name is easy. I got nivigor.mooo.com from
FreeDNS. I get Let's Encrypt certificates automatically using Certbot. But Certbot uses an HTTP request to verify website ownership using a .well-known directory. That's why I use a
redirect2https. For requests with the specified path, it can act as a file server, and it redirects other requests to an HTTPS server.
Now my HFS 2.3 is secure and works via the HTTPS protocol, accessible as
https://nivigor.mooo.com, and certificates are updated automatically.
I've installed HFS 3 on a NAS and will be trying it out slowly.
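
The query-string filtering described in this post, sketched as an added example that is not part of the original post and is not https2http's own code. It assumes the filter compares the raw query string exactly against the list, and that requests with no query string are passed through; the function names and sample request targets are constructed for illustration.

```python
# Allowlist taken from the post (the repeated ?sort=n entries collapse in the set).
# Assumption: an empty query string ("") is also allowed, so plain folder
# and file requests still reach the backend.
ALLOWED_QUERIES = frozenset({
    "",
    "recursive",
    "tpl=list&folders-filter=%5C&recursive",
    *(f"sort={key}{rev}" for key in "tdnse" for rev in ("", "&rev=1")),
})


def is_allowed(request_target: str) -> bool:
    """Return True only if the raw query string is byte-for-byte on the list.

    No decoding, case folding or parameter reordering is done on purpose:
    anything that is not an exact match is treated as unknown and refused,
    so the backend never sees a parameter the filter did not anticipate.
    """
    _path, _sep, raw_query = request_target.partition("?")
    return raw_query in ALLOWED_QUERIES


def filter_requests(targets):
    """Pair each request target with the verdict the filter would give."""
    return [(t, "forward" if is_allowed(t) else "reject") for t in targets]


if __name__ == "__main__":
    # Constructed request targets, not taken from any real log.
    samples = [
        "/files/",                                  # no query string
        "/music/?sort=t&rev=1",                     # listed
        "/music/?sort=t&rev=2",                     # unlisted value
        "/?recursive&sort=n",                       # two listed queries combined
        "/?tpl=list&folders-filter=%5c&recursive",  # lowercase hex escape
        "/?search=abc",                             # parameter not on the list
    ]
    for target, verdict in filter_requests(samples):
        print(f"{verdict:8} {target}")
```

Because the comparison is exact, variants such as a lowercase percent-escape or two listed parameters joined together are rejected even though each piece looks harmless on its own.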