rejetto forum

Shield for HFS 2


nivigor

I've been using HFS 2.3x for a long time. Due to security concerns, I use a simple filtering reverse proxy server, https2http. The server only allows requests with certain query strings. By default, only the following queries are allowed: ?recursive, ?tpl=list&folders-filter=%5C&recursive, ?sort=t, ?sort=t&rev=1, ?sort=d, ?sort=d&rev=1, ?sort=n, ?sort=n&rev=1, ?sort=n, ?sort=n&rev=1, ?sort=s, ?sort=s&rev=1, ?sort=e, ?sort=e&rev=1.

However, https2http can work over the HTTPS protocol, but you'll need a domain name and certificates. Getting a free third-level domain name is easy. I got nivigor.mooo.com from FreeDNS. I get Let's Encrypt certificates automatically using Certbot. But Certbot uses an HTTP request to verify website ownership using a .well-known directory. That's why I use redirect2https. For requests with the specified path, it can act as a file server, and it redirects other requests to an HTTPS server.
Now my HFS 2.3 is secure and works via the HTTPS protocol, accessible as https://nivigor.mooo.com, and certificates are updated automatically.

I've installed HFS 3 on a NAS and will be trying it out slowly.


danny

To make all of your icons show on page load:  Limits menu > Prevent leeching > disable/uncheck
That will allow more download concurrency so the *.gif icons and chat frame can be sent simultaneously.
Probably also right click vfs (house icon) at the console, properties > file masks > add to don't consider as download  ;*.gif;*.js 
And, for that template, console Menu > VirtualFileSystem > use system icons > disable/uncheck  (when template doesn't use that)

I hadn't seen the chat-enabled version of HFS before.  Very cool!
The older template attached to that post has been converted to unicode icons, avoiding separate files. I converted it so that a busy server could keep more capacity to send files. Perhaps that gives an example of how to convert your template so it uses fewer requests per page view.

P.S.
Thanks for making available the HTTPS converter and filter. I like the whitelist approach. When I made the security & stability updates for HFS2.3K,M,N, 2xF, I also had to require login for archive, to stop bots from making hundreds of .tar files. I wouldn't suggest a default of both recursive and archive, unless the user is logged in.
« Last Edit: Today at 02:57:50 PM by danny »
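
The whitelist approach discussed in the two posts above, as an added example (not https2http's own code and not written by either poster): the raw query string is compared exactly against the list from the first post, and the recursive listings are forwarded only for logged-in users, along the lines of the P.S. The function name, the `authenticated` flag, the three return values and the handling of requests without a query string are assumptions.

```python
# Added example: exact-match query-string allowlist for a filtering proxy.
# Not https2http's code; names and the login flag are assumptions.

# Sort queries listed in the first post: always forwarded.
SORT_QUERIES = frozenset(
    f"sort={key}{rev}" for key in "tdnse" for rev in ("", "&rev=1")
)
# Recursive listings from the same list: forwarded only after login.
LOGIN_ONLY_QUERIES = frozenset({
    "recursive",
    "tpl=list&folders-filter=%5C&recursive",
})


def decide(request_target: str, authenticated: bool = False) -> str:
    """Return 'forward', 'login' or 'reject' for a raw HTTP request target."""
    # Split on the first '?' only and compare the raw text: no decoding,
    # no parameter parsing, no case folding. Anything that is not
    # character-for-character on the list never reaches the backend.
    _path, has_query, query = request_target.partition("?")
    if not has_query or query == "":
        return "forward"  # assumption: requests without a query pass
    if query in SORT_QUERIES:
        return "forward"
    if query in LOGIN_ONLY_QUERIES:
        return "forward" if authenticated else "login"
    return "reject"


if __name__ == "__main__":
    # Constructed request targets, not taken from real logs.
    samples = [
        ("/files/", False),
        ("/files/?sort=t&rev=1", False),
        ("/files/?rev=1&sort=t", False),       # reordered parameters
        ("/files/?sort=t&rev=1&x=1", False),   # extra parameter
        ("/files/?sort=n%00", False),          # encoded trailing byte
        ("/files/?recursive", False),
        ("/files/?recursive", True),
        ("/files/?tpl=list&folders-filter=%5c&recursive", True),  # lowercase hex
    ]
    for target, logged_in in samples:
        print(f"{decide(target, logged_in):8} auth={logged_in!s:5} {target}")
```

The check covers only the query string; filtering of the path is left out here.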