This very small utility turns your computer into a fully functional Web-server, Mail server, DNS server, FTP server, DHCP server and HTTPS VPN server. The program itself requires a minimal set of system resources, so the server's functioning doesn't influence your computer's performance. This server can function on a LAN or even over a dial-up connection. Webmasters can run this utility on their local computers and debug their CGI scripts without going online.
This is probably the smallest HTTP server, but you shouldn't
underestimate its capabilities.
ASIS files are also supported. These files contain an HTTP header at the beginning.
Such files are used to redirect an inbound request to another site. The
file must begin with the keyword "Status: ", followed by the return code and then
your header. After the header comes one empty line, and then the data. The extension must be
.asi or .asis
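A small parser for the ASIS layout described above, as an added example (not part of the server or its documentation). The function names, the constructed sample file and the check that a 3xx status carries a Location header are assumptions of this example.

```python
import re

# Header field names must be HTTP tokens (RFC 7230).
HEADER_NAME = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")

# Constructed sample: a redirect file as the text describes it.
SAMPLE_ASIS = (b"Status: 302 Found\r\n"
               b"Location: https://example.org/new-home\r\n"
               b"Content-Type: text/html\r\n"
               b"\r\n"
               b"<html>moved</html>\n")

def parse_asis(data: bytes) -> dict:
    """Split an ASIS file into status code, reason, header list and body."""
    # The header ends at the first empty line (CRLF or bare LF endings).
    gap = re.search(rb"\r?\n\r?\n", data)
    if gap is None:
        raise ValueError("no empty line between header and data")
    head, body = data[:gap.start()], data[gap.end():]
    lines = [l.rstrip(b"\r").decode("latin-1") for l in head.split(b"\n")]
    if not lines[0].startswith("Status: "):
        raise ValueError('file must begin with the keyword "Status: "')
    code, _, reason = lines[0][len("Status: "):].strip().partition(" ")
    if not (len(code) == 3 and code.isascii() and code.isdigit()):
        raise ValueError(f"bad return code: {code!r}")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not HEADER_NAME.match(name):
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name, value.strip()))
    return {"code": int(code), "reason": reason,
            "headers": headers, "body": body}

def lint_asis(data: bytes) -> list:
    """Return a list of problems found in an ASIS file (empty if none)."""
    try:
        parsed = parse_asis(data)
    except ValueError as err:
        return [str(err)]
    problems = []
    names = {name.lower() for name, _ in parsed["headers"]}
    # Assumption of this example: a redirect is only useful with a target.
    if 300 <= parsed["code"] < 400 and "location" not in names:
        problems.append("3xx status without a Location header")
    return problems

if __name__ == "__main__":
    print(parse_asis(SAMPLE_ASIS))
    print(lint_asis(SAMPLE_ASIS))
```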
Parameter and comment | Key |
General Setting | |
Disable icon in notification area. Don't add an icon to the system tray (the server's window always stays in the background). In this case, to get access to the administration dialog box: press Ctrl-Alt-Del to open Task Manager, select HTTP in Task Manager, and try to kill it. The server will ask "Do you want to close HTTP server?"; if you reply "No", the server shows its window. In the server window, open the system menu (right button on the title) and select the advanced item "Server". Also, if the server is run as an NT service, you may open the server's window with the Pause/Continue button in Service Control Manager. | noicon |
Minimize on startup. | hide |
Create detailed log for POP/SMTP/FTP. (By default only basic events are added to the log). | detail |
Disable saving log. | nolog |
Log filename. | log=name.log |
Create a daily log (a new log is created each day). Every day the server renames the old log file (adds the date to the name). This is necessary to get statistics for a day. | logday |
Separate log for each server | seplog |
Don't output the error stream (STDERR) from CGI scripts to remote users | noerrout |
Duplicate CGI stderr to http.err log | dupstderr |
Add debug info from logical expressions in SSI and Antivirus/Forward files to the log | dbgle |
Enable remote administration. Otherwise, only statistics will be available for administrators. | radmin |
Number of simultaneous requests from each host. You can restrict the number of simultaneous requests from the same host. Usually one browser creates four simultaneous connections. Some browsers try to create many more simultaneous connections. This restriction includes all TCP connections (HTTP, FTP, POP, SMTP, Proxy) | from_same_host=## |
Don't restrict the number of simultaneous connections from each host | nofrom_same_host |
Minimum connection speed to detect a DoS attack over a large number of slow connections. (KBytes/minute). Zero to disable checking. | dos_protect_speed=value |
Don't trim log lines | nolimitlog |
Limit the length of the log lines. The length of each line should not exceed this value | limitlog=value |
IPs that can access this server. Separate single IPs with commas and IP ranges with hyphens. | ip_range={#.#.#.#[-#.#.#.#],} |
Deny IPs that can't access this server. Separate single IPs with commas and IP ranges with hyphens. | ip_deny={#.#.#.#[-#.#.#.#],} |
IPv6 IPs that can access this server. Separate single IPs with commas and IP ranges with hyphens. E.g. ::1,FE80::-FEFF:: | ip6_range=value |
IPv6 Deny IPs that can't access this server. Separate single IPs with commas and IP ranges with hyphens. | ip6_deny=value |
Don't save unencrypted passwords in config file | cryptpwd |
Remove passwords from the log | delpwd |
Save passwords as MD5 Digest (RFC2069/RFC2617) | md5pwd |
Realm - string for MD5 Digest (RFC2069/RFC2617) | md5realm=path |
Use MD5 Digest for authorization if possible (RFC2069/RFC2617) | md5digest |
Use the paranoid variant of MD5 Digest for authorization if possible (RFC2617 qop=auth) | md5paranoidal |
IPs that can administer this server. Separate single IPs with commas and IP ranges with hyphens. E.g. 192.168.0.1-192.168.0.16,127.0.0.1 | adm_range=value |
Deny IPs that can't administer this server. Separate single IPs with commas and IP ranges with hyphens. | adm_deny=value |
IPv6 IPs that can administer this server. Separate single IPs with commas and IP ranges with hyphens. E.g. ::1,FE80::-FEFF:: | adm6_range=value |
IPv6 Deny IPs that can't administer this server. Separate single IPs with commas and IP ranges with hyphens. | adm6_deny=value |
Enable 2 points in filenames (may be dangerous) | twopoint |
HTTP server | |
Disable HTTP server. | nomax |
IPs that can access this server. Separate single IPs with commas and IP ranges with hyphens. E.g. 192.168.0.1-192.168.0.16,127.0.0.1 | http_range=value |
Deny IPs that can't access this server. Separate single IPs with commas and IP ranges with hyphens. | http_deny=value |
IPv6 IPs that can access this server. Separate single IPs with commas and IP ranges with hyphens. E.g. ::1,FE80::-FEFF:: | http6_range=value |
IPv6 Deny IPs that can't access this server. Separate single IPs with commas and IP ranges with hyphens. | http6_deny=value |
Bind to all adapters | nohttp_bind |
IPs and IPv6 to bind, separated by commas. (0.0.0.0 - bind to all IP; ::0 bind to all IPv6) | http_bind=value |
Also work through IPv6 | httpipv6 |
Don't restrict speed of outgoing transfer | nohttp_speed |
Limit on the total speed of outgoing transfer for all connections from the same IP (KBytes/minute) | http_speed=value |
How many other connections must be active before the speed limit is checked | http_spdusr=value |
PHP. Specify location of "php-cgi.exe" or "phpisapi.dll" | php=path |
Run PHP as FastCGI. | fcgi_php |
FastCGI ident. The part of a URL that indicates a FastCGI script. Default is ".fcgi" | fcgi_ident=value |
Use this group id to detect FastCGI. Specify 0 to disable using the group id. | fcgi_gid=value |
Use UNIX socket for FastCGI. Otherwise a localhost TCP socket is used | fcgi_unix |
Directory to create FastCGI UNIX sockets. May be /tmp, /var/tmp, /dev/shm, ... | fcgi_upath=path |
Disable share dir. | noshare |
Do not show directory listing | nooutdir |
Don't break CGI when the connection is closed | nbrkcgi |
Advanced code for control header. | header=value |
Use 'chunked' transfer for SSI. | ssi_chunk |
Disable multi stream download for one file. | nomsd |
Use gzip packing, if possible. | http_gzip |
DLL library ZLib. | gz_lib=path |
Pack if the file size is greater than | gz_low=value |
Don't pack files with the following suffixes | nogz_ext=value |
IP database file for countries features. | ip_base=path |
Add REMOTE_COUNTRY variable to CGI/SSI environment. | ip_cntr |
Enable return country info for '/$_ip2country_$?ip=x.x.x.x' request | ip2cntr_srv |
$_ip2country_$ service for authorized users only | ip2cntr_aut |
Enable DNS over HTTP(S). | http_doh |
No limitation for HTTP | nohttp_ltime |
Time period over which the limits are calculated (in seconds) | http_ltime=value |
Limit per IP (Kb) | http_ip_limit=value |
Limit per network (Kb) | http_net_limit=value |
Total limit for server (Kb) | http_limit=value |
Timeout, before resend request again. In milliseconds | dnstimeout=value |
TCP/IP port for HTTP server. Usually it's 80 | port=## |
Number of HTTP requests handled simultaneously. Approximately 20Kb of memory is reserved for each thread. Usually 12 connections are enough for 3-8 visitors per minute. | max=## |
Limit on the number of idle keep-alive connections waiting | keep_alive_max=value |
Timeout in seconds for idle keep-alive connection | keep_alive_timeout=value |
Check live in seconds for idle keep-alive connection. 0 - use system default. (Supported from Linux 2.4, from Windows 10 v1709) | keep_alive_idle=value |
Default file name. Name used when the requested URL ends with "/". (Wildcards are accepted, such as index.* to allow any index file in folder) | def=name.ext |
Error file. Full path to the file or script that will be returned if the requested file is not found. For CGI or SSI, the PATH_INFO variable will contain the name of the requested file. | error=path\name.ext |
Default web folder. | dir=root_dir_name |
CGI ident. The part of a URL that indicates a CGI script. Default is "\cgi-bin\", but you could use e.g. "\cgi-", "\local-bin\", ".cgi", etc. | cgi_ident="\cgi-bin\" |
PERL interpreter. Interpreter for scripts with .pl extension | perl=path\name.exe |
Share dir. If you want this dir to always be the CGI current dir, specify it here. Otherwise the CGI current dir will be the CGI script dir. | share=path |
Enable Server Side Includes (SSI) checking in HTML files. By default SSI checking is done in .sht*,.sml*,.asp* files only. Warning: SSI processing uses more memory and creates a small delay | ssihtm |
Key to check SSI in .sht*,.sml*,.asp* files only. | nossihtm |
Limit bytes received by POST method to. Note: Large value may use excessive PC and network resources. | post_limit=## |
Never execute .htm,.gif,.jpg files. Otherwise, the server tries to run any file with CGI ident. | norunhtm |
Limit CGI execution time. (in seconds) | cgi_timeout=## |
ext=".ext;application;.ext;application;..." | |
mime=".ext1;mime-type1;.ext2;mime-type2;...;.extN;mime-typeN" | |
hostpath="hostname;path" Key may be repeated more than once. | |
Proxy server | |
Disable HTTP proxy. | noproxy |
TCP/IP port for proxy server. | proxy=#port |
Number of simultaneous proxy requests. | proxy_max=#max |
IPs that can access this server. Separate single IPs with commas and IP ranges with hyphens. | proxy_range={#.#.#.#[-#.#.#.#],} |
Deny IPs that can't access this server. Separate single IPs with commas and IP ranges with hyphens. | proxy_deny={#.#.#.#[-#.#.#.#],} |
Do not save proxy cache to hard disk. | noproxy_dir |
Proxy cache directory. | proxy_dir=path |
For how many days files will be saved. The proxy can delete downloaded files from the proxy cache directory several days after the last download. In any case, if the user presses the "Reload" button, files are downloaded again. | proxy_time=#days |
Ignore NO-CACHE in control headers of the pages. The HTTP protocol has an option to disable caching for a page. Site holders often use this option to count the number of visitors. In any case, if the user presses the "Reload" button, files are downloaded again. | ignocache |
Proxy for authorized users only. The proxy will be available only for defined users with the proxy access flag | proxyusers |
Disable Proxy server. | noproxy_max |
Bind to all adapters | noproxy_bind |
IPs and IPv6 to bind, separated by commas. (0.0.0.0 - bind to all IP; ::0 bind to all IPv6) | proxy_bind=value |
Also work through IPv6 | proxyipv6 |
Don't save big files. Limit (bytes) | proxy_fsize=value |
Calculate days from last access. (Otherwise from the day of download) | proxy_laccess |
Don't cache the page if the request contains cookies. | proxy_hrd |
IPv6 IPs that can access this server. Separate single IPs with commas and IP ranges with hyphens. E.g. ::1,FE80::-FEFF:: | proxy6_range=value |
IPv6 Deny IPs that can't access this server. Separate single IPs with commas and IP ranges with hyphens. | proxy6_deny=value |
Don't restrict speed of outgoing transfer | noproxy_speed |
Limit on the total speed of outgoing transfer for all connections from the same IP (KBytes/minute) | proxy_speed=value |
How many other connections must be active before the speed limit is checked | proxy_spdusr=value |
Large mode. Useful to hold a lot of data traffic. | proxy_big |
Super large mode. New mode to minimize search time when too many files are stored. | proxy_sbig |
Number of tries to resume downloading a file after an error | proxy_tryes=value |
Limit for simultaneous requests from the same host to the same URL. Zero for unlimited. | proxy_same=value |
Do not use higher level proxy server. | noupproxy |
Higher level proxy server. | upproxy=value |
TCP/IP port on up level proxy server. | upproxy_port=value |
Higher level proxy server does not require authorization. | noup_user |
Higher level proxy user:password | up_user=value |
For POP3/SMTP/FTP proxy connect through HTTPS higher level proxy. | ever_upproxy |
Don't use the higher level proxy for the following hosts. | nouphosts=value |
Disabled hosts | bad_hosts=value |
Proxy session timeout (in seconds). | proxy_timeout=value |
Request gzipped content, and unpack it locally if the browser doesn't support it. (Specify where Zlib is in the HTTP part of the options) | proxy_gzip |
Don't use antivirus | noproxy_antivirus |
Antivirus host (127.0.0.1 for local) | proxy_antivirus=path |
Antivirus port | proxy_avport=value |
Check HTML files. (Otherwise proxy will check application only) | proxy_avhtml |
Check all files. (Otherwise proxy will check application only) | proxy_avall |
No limitation for proxy | noproxy_ltime |
Time period over which the limits are calculated (in seconds) | proxy_ltime=value |
Limit per IP (Kb) | proxy_ip_limit=value |
Limit per network (Kb) | proxy_net_limit=value |
Total limit for server (Kb) | proxy_limit=value |
DNS server | |
Hosts file. See also format of this file | hosts=hosts_file |
Disable DNS server. | nohosts |
Bind to all adapters for DNS | nodns_bind |
IPs and IPv6 to bind for DNS, separated by commas. (0.0.0.0 - bind to all IP; ::0 bind to all IPv6) | dns_bind=value |
Also work through IPv6 for DNS | dnsipv6 |
Enable DNS over TCP. | dnstcp |
IPv6 IPs that can access this DNS server. Separate single IPs with commas and IP ranges with hyphens. E.g. ::1,FE80::-FEFF:: | dns6_range=value |
IPv6 Deny IPs that can't access this DNS server. Separate single IPs with commas and IP ranges with hyphens. | dns6_deny=value |
Don't save DNS cache on exit. | nodnscachefile |
DNS cache file name. | dnscachefile=path |
Don't try to find AAAA records recursively. (for networks that don't use Internet through IPv6) | dnsno6 |
Disable built-in DNSBL server | nodns_bld |
Host name of built-in DNSBL server | dns_bld=value |
Detect DoS request. Number of DoS-like requests to block IP | dns_detect_dos=value |
A space-separated list of bad hostnames. DoS detection names | dns_dos_hosts=value |
Disable recursion. | noreqursion |
Recursion call to higher level servers only. | dnsupl |
Return mailhost as host name, if MX record is not found. | dnsmx |
IPs that can access this server. Separate single IPs with commas and IP ranges with hyphens. | dns_range={#.#.#.#[-#.#.#.#],} |
Deny IPs that can't access this server. Separate single IPs with commas and IP ranges with hyphens. | dns_deny={#.#.#.#[-#.#.#.#],} |
FTP server | |
Disable FTP server. | noftp_max |
Bind to all adapters for FTP | noftp_bind |
IPs and IPv6 to bind for FTP, separated by commas. (0.0.0.0 - bind to all IP; ::0 bind to all IPv6) | ftp_bind=value |
Also work through IPv6 | ftpipv6 |
IPs that can access this server. Separate single IPs with commas and IP ranges with hyphens. E.g. 192.168.0.1-192.168.0.16,127.0.0.1 | ftp_range=value |
Deny IPs that can't access this server. Separate single IPs with commas and IP ranges with hyphens. | ftp_deny=value |
IPv6 IPs that can access this server. Separate single IPs with commas and IP ranges with hyphens. E.g. ::1,FE80::-FEFF:: | ftp6_range=value |
IPv6 Deny IPs that can't access this server. Separate single IPs with commas and IP ranges with hyphens. | ftp6_deny=value |
Don't restrict speed of outgoing transfer | noftp_speed |
Limit on the total speed of outgoing transfer for all connections from the same IP (KBytes/minute) | ftp_speed=value |
How many other connections must be active before the speed limit is checked | ftp_spdusr=value |
Use any free system provided port for a passive data connection | noftp_pasvp |
First FTP port for passive data connection. (Range of used ports will be from and including this port depending on the number of simultaneous FTP connections) | ftp_pasvp=value |
Disable multi stream for one IP | ftp_oone |
Convert names with space. | ftp_wospace |
Don't use upload directory. | noftp_upload |
Enable FTP PORT command to the client's host only. FTP to FTP mode may not work. | ftp_same |
Enable FTP proxy. | ftp_proxy |
No limitation for FTP in | noftpi_ltime |
Time period over which the limits are calculated (in seconds) | ftpi_ltime=value |
Limit per IP (Kb) | ftpi_ip_limit=value |
Limit per network (Kb) | ftpi_net_limit=value |
Total limit for server (Kb) | ftpi_limit=value |
No limitation for FTP out | noftpo_ltime |
Time period over which the limits are calculated (in seconds) | ftpo_ltime=value |
Limit per IP (Kb) | ftpo_ip_limit=value |
Limit per network (Kb) | ftpo_net_limit=value |
Total limit for server (Kb) | ftpo_limit=value |
Always ask for a password, even for users without a password | ftp_always_pass |
Number of simultaneous requests. | ftp_max=max |
TCP/IP port for FTP server. Usually it is 21 | ftp_port=port |
User session timeout (in seconds). The connection will close if the user is idle for this time. | ftp_timeout=#N |
Name of upload subdirectory. If the FTP directory contains this subdirectory, users with "read only" access can still upload files here. E.g. "/pub/" | ftp_upload="/dir/" |
Enable virtual directories for FTP. | ftp_vdirs |
POP3 server setting | |
Disable POP3 server. | nopop3_max |
POP3/SMTP session timeout (in seconds). The connection will close if the user is idle for this time. | pop_timeout=value |
IPs that can access this server. Separate single IPs with commas and IP ranges with hyphens. E.g. 192.168.0.1-192.168.0.16,127.0.0.1 | pop_range=value |
Deny IPs that can't access this server. Separate single IPs with commas and IP ranges with hyphens. | pop_deny=value |
IPv6 IPs that can access this server. Separate single IPs with commas and IP ranges with hyphens. E.g. ::1,FE80::-FEFF:: | pop6_range=value |
IPv6 Deny IPs that can't access this server. Separate single IPs with commas and IP ranges with hyphens. | pop6_deny=value |
Bind to all adapters | nopop_bind |
IPs and IPv6 to bind, separated by commas. (0.0.0.0 - bind to all IP; ::0 bind to all IPv6) | pop_bind=value |
Also work through IPv6 | popipv6 |
Don't restrict speed of outgoing transfer | nopop_speed |
Limit on the total speed of outgoing transfer for all connections from the same IP (KBytes/minute) | pop_speed=value |
How many other connections must be active before the speed limit is checked | pop_spdusr=value |
Enable POP3 proxy | pop3_proxy |
Enable Web mail | wmail |
Don't save messages sent through Web mail in user's folder | nowmailsent |
Subfolder to save sent messages | wmailsent=value |
Delete messages through Web mail immediately | nowmailtrash |
Trash folder to move deleted messages | wmailtrash=value |
Convert pages to UTF-8 | wmail_utf |
Number of simultaneous requests. | pop3_max=max |
TCP/IP port for POP3 server. Usually it is 110 | pop_port=port |
SMTP server setting | |
Disable SMTP server. | nosmtp_max |
Bind to all adapters | nosmtp_bind |
IPs and IPv6 to bind, separated by commas. (0.0.0.0 - bind to all IP; ::0 bind to all IPv6) | smtp_bind=value |
Also work through IPv6 | smtpipv6 |
If the recipient's mail host is absent, try the host | smtp_nomx |
It is normal SMTP relay. (Otherwise it is only SMTP proxy) | nosmtpproxy |
Higher level SMTP. (SMTP proxy mode) | smtpproxy=value |
Do not save sent messages. | nosmtp_sent |
For how many days sent messages will be saved. (Zero to keep forever) | sent_time=value |
Our IPv6 ranges (allowed list). E.g. ::1,FE80::-FEFF:: | smtp6_range=value |
IPv6 Deny IPs that can't access this server. Separate single IPs with commas and IP ranges with hyphens. | smtp6_deny=value |
Temporarily add the IP to the allowed list after POP3 authorization | smtp_pop_ip |
Limit message size. (in bytes). | smtp_msg_limit=value |
Don't break the connection when the size limit is exceeded | smtp_nobreak |
Enable Generate-Delivery-Report | smtp_conform |
Goodlist. Common file with allowed source e-mails, IPs, hosts patterns | goodlist=path |
Badlist. Common file with bad source e-mails, IPs, hosts patterns | badlist=path |
Graylist. Common file with source e-mails, IPs, hosts patterns that require advanced checking | graylist=path |
Check "goodlist", "badlist" and "graylist" files in user's home directory before receiving a message | chklists |
Text that will be returned when a message is declined. Here you may also give the URL of a Web form for sending the message directly | msgspam=value |
Do not use script for incoming/outgoing mail | noantivirus |
Antivirus script | antivirus=path |
Limit of time for script execution. (in seconds) | run_timeout=value |
Break filter (expression). Variables $msg,$sender,$hello,$control may be checked to stop receiving a large message. | antispam=value |
Spam filter (expression). Variables $msg,$sender,$hello,$control may be checked to add the IP to the spammers' list. | spamfltr=value |
Accept messages with wrong return path | nocheckback |
Fake e-mail addresses, separated by commas. If somebody tries to send a message to these addresses, it will be added to the spammers' list | fake=value |
DNSBL servers. Ask these external spammer lists about the remote IP before receiving mail. (May be more than one server, separated by spaces) | dnsbl=value |
Check mailhost of sender (DNS MX record) before receiving mail | checkmx |
Ignore graylist if the message comes in from the source mailhost (DNS MX) | mxignbl |
How long spammers' IPs stay active in the spammers' list (in seconds) | spam_time=value |
No limitation for SMTP | nosmtp_ltime |
Time period over which the limits are calculated (in seconds) | smtp_ltime=value |
Limit per IP (Kb) | smtp_ip_limit=value |
Limit per network (Kb) | smtp_net_limit=value |
Total limit for server (Kb) | smtp_limit=value |
No limitation for allowed IPs | nolimitus |
Allow receiving messages from our domain from foreign IPs | uncheckip |
Minimal timeout between sending messages | time_btw=value |
Number of simultaneous requests. | smtp_max=max |
SMTP server name. (Domain name) | smtp_name=your.domain.name |
Use all virtual hosts as alias domain name. | vhalias |
TCP/IP port for SMTP server. Usually it's 25 | smtp_port=port |
Output path. Directory to store messages before sending | smtp_out=path |
Sent path. Directory to store sent messages | smtp_sent=path |
Error path. Directory to store messages, on failed send | smtp_err=path |
DNS server to get mail routing info. (May be your default DNS server) | smtp_dns=#.#.#.# |
Allow any "From" field. Otherwise the server will send messages from user_name@your.domain.name only | smtp_any |
IPs that can access this server. Separate single IPs with commas and IP ranges with hyphens. | smtp_range={#.#.#.#[-#.#.#.#],} |
Deny IPs that can't access this server. Separate single IPs with commas and IP ranges with hyphens. | smtp_deny={#.#.#.#[-#.#.#.#],} |
Blacklist of e-mail addresses of spammers. Separate addresses with spaces. (Use *@host to block receiving from any address of this host) | blacklist="u@adr1 *@adr2 ..." |
Use instructions from the "forward" file in a user's directory. | forward |
Allow execution of applications from user's "forward" file. | fwdrun |
Use TLS when sending outgoing message if possible | smtptls |
Always use TLS when sending outgoing messages; if not possible, don't send | smtponlytls |
Verify the remote certificate signature. (Verification methods are the same as specified in the VPN client settings) | smtpchktls |
DHCP server setting | |
Disable DHCP | nodhcp_max |
Total IPs available to allocate | dhcp_max=value |
IP address of DHCP server | dhcp_ip=value |
LAN broadcast address for DHCP reply | dhcp_bcast=value |
First IP to allocate | dhcp_first=value |
Netmask | dhcp_mask=value |
Gateway | dhcp_gate=value |
DNS servers | dhcp_dns=value |
Domain name | dhcp_name=value |
File to save state | dhcp_file=path |
DNS should resolve hostnames for IPs that were allocated | dhcp_rdns |
Listen only, to store info from other servers for DNS. (never responds) | dhcp_lo |
TLS/SSL server setting | |
Disable TLS/SSL server | notls_max |
Number of simultaneous requests. | tls_max=value |
TCP/IP port for TLS/SSL server. Usually it's 443 | tls_port=value |
IPs that can access this server. Separate single IPs with commas and IP ranges with hyphens. E.g. 192.168.0.1-192.168.0.16,127.0.0.1 | ssl_range=value |
Deny IPs that can't access this server. Separate single IPs with commas and IP ranges with hyphens. | ssl_deny=value |
IPv6 IPs that can access this server. Separate single IPs with commas and IP ranges with hyphens. E.g. ::1,FE80::-FEFF:: | ssl6_range=value |
IPv6 Deny IPs that can't access this server. Separate single IPs with commas and IP ranges with hyphens. | ssl6_deny=value |
Bind to all adapters | notls_bind |
IPs and IPv6 to bind, separated by commas. (0.0.0.0 - bind to all IP; ::0 bind to all IPv6) | tls_bind=value |
Also work through IPv6 | tlsipv6 |
Don't restrict speed of outgoing transfer | notls_speed |
Limit on the total speed of outgoing transfer for all connections from the same IP (KBytes/minute) | tls_speed=value |
How many other connections must be active before the speed limit is checked | tls_spdusr=value |
Enable TLS for POP3/SMTP | smtp_tls |
Enable TLS for FTP | ftp_tls |
DLL library with TLS/SSL. E.g. libsec111.dll | tls_lib=path |
Certificate file | tls_cert_file=path |
Key file | tls_key_file=path |
CA-Path | tls_capath=path |
CA-file | tls_cafile=path |
Sets priorities for the ciphers, key exchange methods, and MACs. For GnuTLS and for OpenSSL, the string format is different. For OpenSSL, you can see the format of this line here in the CIPHER LIST FORMAT section. The default is the following line: "TLS_RSA_WITH_AES_256_CBC_SHA256:TLS_RSA_WITH_AES_128_CBC_SHA:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA384:TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:ALL:!DES:!3DES:!RC2" For GnuTLS, see the string format here | tls_priority=value |
Remote administration through secure HTTPS only | admtls |
Web mail through secure HTTPS only | tls_wmail |
HTTP TLS VPN server setting | |
Disable TLS VPN | notlsvpn |
Maximum number of simultaneous TLS VPN connections. | tlsvpn_max=value |
TLS VPN URL name (specify only the local part of the URL, e.g. "/$_vpn_$"). HTTPS requests to this URL will be redirected to VPN | vpn_url=value |
Enable TLS VPN on Tun device | vpntun |
Enable TLS VPN on Tap device | vpntap |
Tun device number | vpn_tun_number=value |
Tap device number | vpn_tap_number=value |
TLS VPN MTU for tun. | vpn_tun_mtu=value |
TLS VPN MTU for tap. | vpn_tap_mtu=value |
Tun device pathname | tundev=value |
Public access without password. (Otherwise only users with Proxy access can use this service) | vpnpub |
Set Tun interface IP address | tun_ip=value |
Set Tun interface netmask | tun_nmask=value |
Set Tap interface IP address | tap_ip=value |
Set Tap interface netmask | tap_nmask=value |
Run init script for Tun device | tun_script_up=path |
Run init script for Tap device | tap_script_up=path |
First IP address to allocate for remote client that connected to Tun. (Optional) | tun_remote_ip=value |
Total IP addresses to allocate for remote clients connected to Tun. (Optional. Set to 0 to use an external DHCP server, or other methods) | tun_remote_max=value |
DNS servers that will be offered to the TUN client. | tun_remote_dns=value |
First IP address to allocate for remote client that connected to Tap. (Optional) | tap_remote_ip=value |
Total IP addresses to allocate for remote clients connected to Tap. (Optional. Set to 0 to use an external DHCP server, or other methods) | tap_remote_max=value |
DNS servers that will be offered to the TAP client. (Optional) | tap_remote_dns=value |
HTTP TLS VPN client setting | |
Enable to connect to TLS VPN remote host | vpnclient |
Host to connect to remote TLS VPN server | vpn_remote_host=value |
TLS VPN remote port. (Usually 443) | vpn_client_port=value |
TLS VPN URL name (specify only the local part of the URL, e.g. "/$_vpn_$"). Must be the same as specified on the remote server | vpn_client_url=value |
TLS VPN User name | vpn_remote_user=value |
TLS VPN Password | vpn_remote_passw=value |
VPN client to Tap. (Otherwise Tun) | vpncln_tap |
TLS VPN client Tun/Tap device number | vpn_tuntap_number=value |
TLS VPN MTU for client. | vpn_client_mtu=value |
Set client VPN interface IP address | tuntap_ip=value |
Set client VPN interface netmask | tuntap_nmask=value |
Run init script when VPN connection is established | vpncln_script_up=path |
Run deinit script when VPN connection closed | vpncln_script_down=path |
Validate remote TLS certificate, check host name | vpncln_chktls |
Don't check remote certificate time. Ignore expired. (GNUTLS only) | vpncln_tlsigntime |
Accept self-signed certificate. (GNUTLS only) | vpncln_tlsssign |
SSH style of certificate validation. (GNUTLS only. Public keys of new untrusted remote hosts will be stored in ~/.gnutls/known_hosts) | vpncln_tlssshstyle |
user="name;password;home_dir;type_of_access_flags"
type_of_access_flags -- a sequence of the following symbols:
Key may be repeated more than once.
user=anonymous;;c:\public;FWN
user=ftp;;c:\readonly;F |
http.exe port=1080 def=index.html php="C:\PROGRAM FILES\PHP\php.exe" nolog
Here is an example of a configuration file:
log=C:\TEMP\http.log
perl=C:\PERL\BIN\perlis.dll # supported !!!
max=12
def=index.stm
@www.cfg # include other configuration file
hostpath=www.name.www;C:\www1
hostpath=max.name.www;C:\www2
# End of file
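A configuration check built on the file format shown above, as an added example rather than code from the project. The rule set is this example's own selection of option-table rows whose descriptions indicate exposure; the comment handling (a # outside double quotes starts a comment), the sample configuration and all function names are assumptions.

```python
# Constructed sample configuration, not taken from the page.
SAMPLE = r"""
log=C:\TEMP\http.log
perl=C:\PERL\BIN\perl.exe   # CGI scripts enabled
radmin
adm_range=127.0.0.1
twopoint
user=ftp;example-password;c:\readonly;F
vpnclient
vpncln_tlsssign
@www.cfg   # include other configuration file
"""

def strip_comment(line):
    """Cut a trailing comment: '#' outside double quotes (assumed rule)."""
    quoted = False
    for i, ch in enumerate(line):
        if ch == '"':
            quoted = not quoted
        elif ch == "#" and not quoted:
            return line[:i]
    return line

def parse_config(text):
    """Return ({key: [values]}, [include files]); bare flags get value ''."""
    keys, includes = {}, []
    for raw in text.splitlines():
        line = strip_comment(raw).strip()
        if not line:
            continue
        if line.startswith("@"):          # @file includes another config file
            includes.append(line[1:].strip())
            continue
        key, _, value = line.partition("=")
        keys.setdefault(key.strip(), []).append(value.strip().strip('"'))
    return keys, includes

def stored_passwords(keys):
    """True if a user= entry has a password and cryptpwd/md5pwd are unset."""
    fields = [value.split(";") for value in keys.get("user", [])]
    has_password = any(len(f) > 1 and f[1] for f in fields)
    return has_password and "cryptpwd" not in keys and "md5pwd" not in keys

# (rule id, predicate over parsed keys, reason taken from the option table)
RULES = [
    ("twopoint", lambda k: "twopoint" in k,
     "2 points in filenames enabled; the table marks this as possibly dangerous"),
    ("radmin-no-admtls", lambda k: "radmin" in k and "admtls" not in k,
     "remote administration is not restricted to HTTPS"),
    ("radmin-no-adm-range",
     lambda k: "radmin" in k and not ("adm_range" in k or "adm6_range" in k),
     "remote administration enabled with no adm_range/adm6_range list"),
    ("vpnpub", lambda k: "vpnpub" in k,
     "TLS VPN has public access without password"),
    ("fwdrun", lambda k: "fwdrun" in k,
     "applications may be executed from a user's forward file"),
    ("vpn-cert-unchecked", lambda k: "vpnclient" in k and "vpncln_chktls" not in k,
     "VPN client does not validate the remote TLS certificate"),
    ("vpn-cert-weakened",
     lambda k: "vpncln_tlsssign" in k or "vpncln_tlsigntime" in k,
     "VPN client accepts self-signed or expired certificates"),
    ("plain-passwords", stored_passwords,
     "user= passwords present without cryptpwd or md5pwd"),
    ("cgi-stderr", lambda k: ("perl" in k or "php" in k) and "noerrout" not in k,
     "CGI STDERR is sent to remote users (noerrout not set)"),
]

def audit(text):
    """Return ([(rule id, reason)], [include files that were not followed])."""
    keys, includes = parse_config(text)
    findings = [(rule_id, why) for rule_id, check, why in RULES if check(keys)]
    return findings, includes

if __name__ == "__main__":
    found, unresolved = audit(SAMPLE)
    for rule_id, why in found:
        print(f"{rule_id}: {why}")
    print("includes to audit separately:", unresolved)
```

Included files are only reported, not read, so each file named after @ needs its own pass.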
HTTP, FTP, POP3 and Proxy accept requests from IPs that are in the allowed list and not in the denied list.
SMTP accepts messages for its own domain (incoming mail for its own users) from any address except denied ones. Messages to be sent outside are accepted from allowed IPs only. If you don't want to get any messages from some IP, just add it to the denied list.
The DNS server also returns local records to anybody, but it performs recursive lookups only for IPs from the allowed list.
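The three access rules above, worked through in Python as an added example (not the server's own code). The function names are assumptions; the list syntax is the comma and hyphen form of the *_range and *_deny keys, and the IPv4 and IPv6 values of a service can be passed joined by a comma.

```python
import ipaddress

# Example values taken from the option table.
ALLOW_V4 = "192.168.0.1-192.168.0.16,127.0.0.1"
ALLOW_V6 = "::1,FE80::-FEFF::"

def parse_ranges(spec: str):
    """Parse 'a,b-c,...' into a list of (low, high) address pairs."""
    ranges = []
    for item in filter(None, (part.strip() for part in spec.split(","))):
        # Neither dotted-quad nor IPv6 text contains '-', so a hyphen can
        # only be the range separator.
        low_text, sep, high_text = item.partition("-")
        low = ipaddress.ip_address(low_text.strip())
        high = ipaddress.ip_address(high_text.strip()) if sep else low
        if low.version != high.version or low > high:
            raise ValueError(f"bad range: {item!r}")
        ranges.append((low, high))
    return ranges

def matches(client: str, spec: str) -> bool:
    """True if the client address falls inside any entry of the list."""
    addr = ipaddress.ip_address(client)
    return any(low.version == addr.version and low <= addr <= high
               for low, high in parse_ranges(spec))

def service_accepts(client, allow, deny=""):
    """HTTP, FTP, POP3, Proxy: in the allowed list and not in the denied list."""
    return matches(client, allow) and not matches(client, deny)

def smtp_accepts(client, to_own_domain, allow, deny=""):
    """SMTP: mail for the own domain from anyone not denied;
    mail to be sent outside from allowed IPs only."""
    if matches(client, deny):
        return False
    return True if to_own_domain else matches(client, allow)

def dns_answers(client, recursive, allow):
    """DNS: local records for anybody; recursion for allowed IPs only.
    The text does not mention the denied list here, so it is not applied."""
    return matches(client, allow) if recursive else True

if __name__ == "__main__":
    for ip in ("192.168.0.5", "192.168.0.17", "203.0.113.9"):
        print(ip,
              "http:", service_accepts(ip, ALLOW_V4),
              "smtp-in:", smtp_accepts(ip, True, ALLOW_V4),
              "smtp-relay:", smtp_accepts(ip, False, ALLOW_V4),
              "dns-recursion:", dns_answers(ip, True, ALLOW_V4))
```

The SMTP row is the one to check when auditing a configuration: an address outside the allowed list can still deliver to local users, and only the relay path depends on the list.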
Current server version supports the following tags:
include
<!--#include virtual="path/file_name" -->
<!--#include file="full_path/file_name" -->
Both variants include the content of file_name in the document. In the first
case it looks for the document from the web root directory; in the second
case you can define a path for the document. If the requested document
contains cgi_ident in its path, the server runs the file. If the file_name
contains the "?" symbol, the string after it is transmitted as a request
with parameters which should be processed by your script.
exec
<!--#exec cgi="file_name" -->
<!--#exec cmd="file_name" -->
Runs the script as with the "include" tag, from the /cgi_ident/ subdirectory
fsize & lastmod
<!--#fsize virtual="path/file_name" -->
<!--#fsize file="full_path/file_name" -->
<!--#fsize Kb virtual="path/file_name" -->
<!--#fsize Mb file="full_path/file_name" -->
<!--#lastmod virtual="path/file_name" -->
<!--#lastmod file="full_path/file_name" -->
<!--#lastmod format="d.m.Y H:i:s" virtual="path/file_name" -->
<!--#lastmod format="d-m-y h:i:sA" file="full_path/file_name" -->
Shows file size and last modified date. Size can be rounded up to Kilobytes or Megabytes.
The date can be formatted as you like. The following format keys are defined:
Key | Description | Range |
---|---|---|
d | Day of the month, 2 digits with leading zeros | 01 to 31 |
j | Day of the month without leading zeros | 1 to 31 |
m | Numeric representation of a month, with leading zeros | 01 through 12 |
n | Numeric representation of a month, without leading zeros | 1 through 12 |
Y | A full numeric representation of a year, 4 digits | 1970 through 9999 |
y | A two digit representation of a year | 00 through 99 |
a | Lowercase Ante meridiem and Post meridiem | am or pm |
A | Uppercase Ante meridiem and Post meridiem | AM or PM |
g | 12-hour format of an hour without leading zeros | 0 through 12 |
G | 24-hour format of an hour without leading zeros | 0 through 23 |
h | 12-hour format of an hour with leading zeros | 01 through 12 |
H | 24-hour format of an hour with leading zeros | 00 through 23 |
i | Minutes with leading zeros | 00 to 59 |
s | Seconds with leading zeros | 00 through 59 |
echo
<!--#echo var="var" -->
Prints variable value.
printenv
<!--#printenv -->
Outputs the values of all variables.
break
<!--#break -->
Stops processing of the document.
if -- elif -- else -- endif
<!--#if expr="expression" -->
text
<!--#elif expr="expression" -->
text
<!--#elif expr="expression" -->
text
...
<!--#else -->
text
<!--#endif -->
The text will be either shown or not depending on the outcomes of specified
conditions. The conditions can consist of variables and values as well as
different logical operators between them:
! -- "Not"
= or == -- "Equal to"
!= -- "Not equal to"
<,>,<=,>= -- "Less than", "Greater than", "Less than or equal to",
"Greater than or equal to".
~ -- "Part of..."
str1 ~ str2 -- the result is true if the string str2
is part of the string str1
str1 =~ /pattern/ig -- pattern is a Unix-style regular expression.
The result is true if a substring matching the pattern
is found in the string str1.
&& --"AND"
|| --"OR"
elif and else operators can be omitted, elif
can be repeated as many times as you need. It's necessary to put the
endif tag at the end of your statements.
set
<!--#set var="variable" value="value" -->
Sets or changes the value of the variable. Try not to use this
feature too often, because the number of variables and the memory allocated
for them are somewhat restricted.
var county_code="CC",country="Country name",country_ip="127.0.0.1";
If the hard disk cache is enabled, the server stores all incoming files except authorized pages. The server can delete downloaded files from the proxy cache directory several days after the last download. You may choose to keep downloaded data for a long time; in that case you will have a lot of files, and their number will keep growing. Some file systems work slowly when a directory holds too many files. For this case use large mode: the server creates 64 subdirectories and saves the files there. See also the command line key descriptions.
This version contains a DNS server. To run it you must specify a hosts file.
The file format is, on the one hand, compatible with the system hosts file and,
on the other hand, may resemble the master file format recommended by RFC 1035.
For compatibility with the system hosts file, each line may contain an IP
address and the name of the host. Comments begin with the symbol '#'. A domain
name in this file may begin with '*.' to describe all subdomains.
Example:
# Here is an example of hosts file for local network.
192.168.1.21 www.max.local
192.168.1.21 max.local
192.168.1.20 *.max.local
192.168.1.22 www.boss.local
192.168.1.23 serg.local
192.168.1.26 www.serg.local
192.168.1.24 *.andy.local
192.168.1.25 *.mary.local
# etc ...
# To create your own dialup network add last record:
192.168.1.21 *
# -- Redirect all unknown incoming request to 192.168.1.21
# end of hosts file
Also, each line may contain a domain name and an RR description, and a comment may begin with ';'. The following lines are supported:
The server may support recursive queries. To enable resolving for any domain
you MUST specify NS records for the root servers. If you check "Recursion call to
up level servers only" you must specify the DNS server of your provider instead
of the root servers, and the program will query only these servers. Otherwise,
the server will query different zone servers.
Example:
# Here is an example of hosts file for export domain to Internet,
# and resolve other names.
; First, lines holds the information on root name servers needed to
; initialize cache of Internet domain name servers
. IN NS a.root-servers.net
a.root-servers.net IN A 198.41.0.4
. IN NS b.root-servers.net
b.root-servers.net IN A 128.9.0.107
. IN NS c.root-servers.net
c.root-servers.net IN A 192.33.4.12
. IN NS d.root-servers.net
d.root-servers.net IN A 128.8.10.90
. IN NS e.root-servers.net
e.root-servers.net IN A 192.203.230.10
. IN NS f.root-servers.net
f.root-servers.net IN A 192.5.5.241
. IN NS g.root-servers.net
g.root-servers.net IN A 192.112.36.4
. IN NS h.root-servers.net
h.root-servers.net IN A 128.63.2.53
; Now declare our domain
$TTL 86400 ;TTL - 24 hours
somedomain.net IN SOA somedomain.net [email protected] (
    2002120602 ; Serial
    36000 ; Refresh
    3000 ; Retry
    36000000 ; Expire
    36000 ; Minimum
    )
    IN NS ns.somedomain.net
    IN NS ns2.somedomain.net
    IN MX 1 relay1.somedomain.net
    IN MX 2 relay2.somedomain.net
    IN A 192.168.12.1
ns.somedomain.net IN A 192.168.12.1
ns2.somedomain.net IN A 192.168.12.2
relay1.somedomain.net IN A 192.168.12.1
relay2.somedomain.net IN A 192.168.12.2
pc2.somedomain.net IN A 192.168.12.2
    IN NS ns2.somedomain.net
    IN MX 1 relay1.somedomain.net
*.somedomain.net IN A 192.168.12.1
    IN NS ns.somedomain.net
    IN NS ns2.somedomain.net
    IN MX 1 relay1.somedomain.net
    IN MX 2 relay2.somedomain.net
; also this file may contents lines in next format:
192.168.12.1 www.max.local
192.168.12.2 max.local
192.168.12.1 *.max.local
$SLAVE domain2.name 192.168.12.8 domain2.name.txt
$IF_DOWN 192.168.12.2:80 300 192.168.12.2=192.168.12.1
# end of hosts file
SMTP server can:
# Begin of file
@yahoo
4.79.181.
67.28.113.
[email protected]
lotto
? $sender == spamer@address
? ! $hello =~ /.+\.[a-z]{2,4}/
? $control =~ /\[64.156.215.*\]/
# End of file
# Here is the example of forward file.
#if $text =~ /\nFrom: .*?boss@address/i
!d:\perl\bin\perl.exe check.pl
#endif
#if $in_text(100% FREE)
#mv c:\probably\spam
#elif $size_kb<=20 && ! ( $text =~ /^From: .*?([^< ]+?@[^> \r\n]+).*/i && ($1 == [email protected] || $1 == boss@address ) || $in_text(do not redirect) )
#cp c:\probably\importan
my_home@address
[email protected]
#else
!d:\perl\bin\perl.exe autoreply.pl $msgfile $1
#endif
# End of forward file
# Here is the example of antivirus file.
#if $text =~ /Content-Transfer-Encoding: ["`]?base64[\001-\xFF]*?\n\r?\nTVqQAAMA/
#if $text =~ /name=.*\.pif/
#mv c:\probably\virus
#else
!c:\DrWeb\drwebcl.exe /GO /TM- /WA- /TB- /ML
#endif
#elif $body =~ /<script language=/ && $body =~ /<!DOCTYPE HTML/
#mv c:\probably\spam
#endif
# End of file
(! ( $msg =~ /^From:[^\n\r]*<([^>\n\r]+)>/i ||
     $msg =~ /^From:[ \t]*([^\n\r]+)/
   )
) || $1 != $sender ||
$msg =~ /^Subject:[^\n\r]*New site|You are win/i ||
$msg =~ /to|for[ \r\n\t]+unsubscribe[ \r\n\t]+[ \r\n\t]+press|go|open|reply|do not/i
In this example, the first four lines check that the 'From' field is present in the message and get the address from this field; this address must be the same as the sender address (return path). The next line searches the Subject field for "New site" or "You are win". The last line tries to detect strings like "To unsubscribe do something...".
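The checks that this expression describes, restated in Python as an added example (not the server's own code or filter syntax) and run over constructed messages. The alternatives are grouped here so that each anchor applies to every phrase; the function name, reason strings, the use of re.M for ^, and the sample messages are assumptions.

```python
import re

# Patterns taken from the expression above. re.M lets ^ match at every line
# start (an assumption about how the server anchors ^ inside $msg).
FROM_ANGLE = re.compile(r"^From:[^\n\r]*<([^>\n\r]+)>", re.I | re.M)
FROM_BARE = re.compile(r"^From:[ \t]*([^\n\r]+)", re.M)
# Grouped alternatives: "^Subject:" now applies to both phrases.
SUBJECT_BAIT = re.compile(r"^Subject:[^\n\r]*(?:New site|You are win)", re.I | re.M)
UNSUBSCRIBE = re.compile(
    r"(?:to|for)[ \r\n\t]+unsubscribe[ \r\n\t]+(?:press|go|open|reply|do not)", re.I)

def spam_reasons(msg, sender):
    """Return the checks that fire for one message.

    msg    -- raw message text (headers, blank line, body)
    sender -- envelope sender (return path), $sender in the expression
    """
    reasons = []
    headers = re.split(r"\r?\n\r?\n", msg, maxsplit=1)[0]
    m = FROM_ANGLE.search(headers) or FROM_BARE.search(headers)
    if m is None:
        reasons.append("no From header")
    elif m.group(1).strip() != sender:
        reasons.append("From differs from envelope sender")
    if SUBJECT_BAIT.search(headers):
        reasons.append("bait subject")
    if UNSUBSCRIBE.search(msg):
        reasons.append("unsubscribe boilerplate")
    return reasons

# Constructed sample messages as (envelope sender, raw message); not from the page.
SAMPLES = {
    "clean": ("alice@example.org",
              "From: Alice <alice@example.org>\r\nSubject: Minutes\r\n\r\n"
              "See attachment.\r\n"),
    "spoofed": ("bounce@bulk.example",
                "From: Bank <support@bank.example>\r\nSubject: You are win!\r\n\r\n"
                "To unsubscribe reply to this mail.\r\n"),
    "headerless": ("x@bulk.example", "Subject: hello\r\n\r\nbody\r\n"),
}

if __name__ == "__main__":
    for name, (sender, msg) in SAMPLES.items():
        print(name, spam_reasons(msg, sender))
```

Without the grouping, a pattern such as /to|for.../ matches any message that contains "to" anywhere, so the ungrouped form fires on almost all mail.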
The POP3 server provides access to incoming mail. If the POP3 proxy is enabled,
users may configure their e-mail client program to get mail from
another, remote POP3 server through this POP3 server. For this, the user option in the client program must be:
local_user@remote_user@remote_host
The password must be: local_password@remote_password
Alternatively, the @remote_password part may be added to the user option.
'#' may be used anywhere instead of '@'.
The FTP server provides access to the home directories of users and, if the option
"Enable virtual directories for FTP" is selected, also provides access
to private virtual directories. Public virtual directories
are unavailable through FTP.
If the FTP proxy is enabled,
users may configure their FTP client program to work with
a remote FTP server through this FTP server. For this, the user option in the client program must be:
local_user@remote_user@remote_host
The password must be: local_password@remote_password
Alternatively, the @remote_password part may be added to the user option.
'#' may be used anywhere instead of '@'.
Some FTP clients (e.g. the FTP plugin for Far Manager) support a similar type of
FTP proxy. In these clients you may set the firewall setting to
your_host:FTP_port, and give the FTP URL directly, like this:
ftp://local_user#remote_user:local_password#remote_password@ftp_host/
The server doesn't contain built-in TLS/SSL cryptographic functions,
but includes an interface for connecting an external TLS/SSL library. You may
connect OpenSSL or
GNU TLS to the server. For the Windows version, a simple
DLL based on OpenSSL 3.2.0 is available here:
libsec320.zip (OpenSSL included)
A DLL based on GnuTLS is available here:
seclibgnutls.zip (GNU TLS required)
These functions require a certificate.
An easy and free way to get one is to generate a self-signed certificate, e.g. with the help of OpenSSL:
openssl genrsa 2048 > ks.key
openssl req -x509 -new -key ks.key -days 3650 > ks.pem
ks.pem -- is the resulting file that may be used as "Certificate file"
openssl x509 -in ks.pem -outform der | sha256sum
Selector=1 (subject public key)
openssl x509 -in ks.pem -pubkey -noout | openssl rsa -pubin -outform der | sha256sum
_443._tcp.smallsrv.com. IN TLSA ( 3 0 1 1ebec2c8434a67e0cbf35619819367067d5a852569666d4f6b222f722cc7cb65 )
_443._tcp.www.smallsrv.com. IN TLSA ( 3 0 1 1ebec2c8434a67e0cbf35619819367067d5a852569666d4f6b222f722cc7cb65 )
_25._tcp.smallsrv.com. IN TLSA ( 3 0 1 1ebec2c8434a67e0cbf35619819367067d5a852569666d4f6b222f722cc7cb65 )
_110._tcp.smallsrv.com. IN TLSA ( 3 1 1 5bdd89111e62a72c946d47a91e7a17aec3102d41a2523e04b510a83cebffdf1a )
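What the two openssl/sha256sum pipelines above hash, written out in Python as an added example (not part of the server or its documentation): selector 0 digests the whole DER certificate, selector 1 digests only the SubjectPublicKeyInfo element sliced out of it. The function names and the certificate-shaped sample are assumptions made for this sketch; pass the decoded ks.pem to get the values for a real record.

```python
import base64
import hashlib

def pem_to_der(pem):
    """Decode one PEM block (e.g. ks.pem) to DER bytes."""
    body = [ln for ln in pem.splitlines() if ln and not ln.startswith("-----")]
    return base64.b64decode("".join(body))

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) of the DER element at off."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, off, off + length

def spki_der(cert):
    """Slice SubjectPublicKeyInfo, header included, out of a DER certificate."""
    _, off, _ = read_tlv(cert, 0)      # Certificate SEQUENCE
    _, off, _ = read_tlv(cert, off)    # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert, off)
    if tag == 0xA0:                    # optional [0] version field
        off = end
    for _ in range(5):  # serialNumber, signature, issuer, validity, subject
        _, _, off = read_tlv(cert, off)
    _, _, end = read_tlv(cert, off)
    return cert[off:end]

def tlsa_rdata(cert, selector):
    """TLSA data for usage 3 and matching type 1 (SHA-256), as in the records above."""
    if selector not in (0, 1):
        raise ValueError("selector must be 0 (certificate) or 1 (public key)")
    data = cert if selector == 0 else spki_der(cert)
    return f"3 {selector} 1 {hashlib.sha256(data).hexdigest()}"

def der(tag, body):
    """Minimal DER encoder, used only to build the constructed sample."""
    size = (len(body).bit_length() + 7) // 8
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | size]) + len(body).to_bytes(size, "big")
    return bytes([tag]) + head + body

# Constructed, certificate-shaped sample (placeholder fields, not a real certificate).
SAMPLE_SPKI = der(0x30, der(0x30, b"") + der(0x03, b"\x00" + bytes(270)))
_TBS = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
           + der(0x30, b"") * 4 + SAMPLE_SPKI)
SAMPLE_CERT = der(0x30, _TBS + der(0x30, b"") + der(0x03, b"\x00"))
```

A selector 1 value stays the same when the certificate is reissued with the same key, while a selector 0 value changes with every reissue, so records of the first kind need updating only on key rotation.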
Now this program can create a VPN channel inside an HTTPS connection.
openssl rehash -compat -v path_to_this_directory
If you are using GnuTLS there are a few additional options, e.g. you can disable certificate time checking and enable SSH style verification. In this case, the host's certificate will be accepted as valid the first time, and the public key will be stored for the host. The next time the public key will be verified.
M. Feoktistov