SourceFiles.org - Use the Source, Luke
Home | Register | News | Forums | Guide | MyLinks | Bookmark

Related Sites

Latest News
  General News
  Reviews
  Press Releases
  Software
  Hardware
  Security
  Tutorials
  Off Topic


Back to files

#
# sh-httpd usage notes
#

Filenames (the 'base' URL before any ?, including any extra path info) are restricted to alphanumerics, and a limited set of extra characters, currently: /-_.=+,

The base URL is also not de-escaped. Note that this could be done in shell script, but it would be akward, presents security issues, and is kind of pointless with the limited filename character set supported above.

Query string data is limited to the same set of characters when used as command line parameters. If illegal characters are found, the CGI program is still run, but no command-line arguments are passed. The full text query string still exists as the environment variable QUERY_STRING, and may be parsed by the CGI program.

Currently, URL's are not checked to see if they are files or directories. If a URL ends with a slash '/', it is assumed to be a directory, and index files are checked for. If a URL does NOT end in a slash, it is assumed to be a file and an error will be returned if it is actually a directory.

#
# Bugs and Oddities
#

Probably exist...

#
# Config File Details:
#

SERVER_NAME=lrptest.steinkuehler.net
SERVER_ADDR=208.189.96.11
SERVER_PORT=8008

You have to tell the server it's local IP address, port, and name. If your server does not have a resolvable DNS name, set SERVER_NAME to the IP address.

CLIENT_ADDRS=""

A space seperated list of IP addresses allowed to access the server. Each pattern is matched against the start of the numeric IP address of the client, so you may use a 'prefix' (ie 192.168. will match anything in the 192.168.0.0/16 network, but will NOT match 1.192.168.2). Be VERY careful here. Since text pattern matching is used, there can be unexpected consequences (ie 10 matches 10.0.0.0/8, but it also matches 100.x.x.x - 109.x.x.x). To prevent this, specify prefix patterns with trailing dots (ie use 10. in the previous example). If this pattern is empty or null, no IP checking is performed

DEFCONTENT="text/plain"

This is the assumed document type if a filename does not match one of the known content types. Content types are specified in the MIME_TYPES file(s) (see the next section).

MIME_TYPES="mime-types /etc/sh-httpd.mime"

A space seperated list of file names to read mime-type information from. Each file line should contain a file suffix at the start of the line, whitespace (space or tab), and a mime-type. The file suffix is the result of the expansion ${filename##*.} If no matching suffix is found, DEFCONTENT is used. If more than one matching suffix is located, the first one found is used. Files are scanned in the order listed (ie: with the above setting, mime-types is scanned first, followed by /etc/sh-httpd.mime).

If a filename is not absolute (mime-types, above) the file is read from the same directory as the requested document, allowing mime-types to vary on a directory-by-directory basis.

DOCROOT=/usr/local/sh-www

This is the base location of all your web files. No access by URL is available outside this directory (ie http://server/../ will return a 403). CGI scripts can still see the whole directory structure.

LOGFILE=/usr/local/sbin/log

Location for the log file. The log must be writable by the user sh-httpd runs as (typically nobody or sh-httpd). If this is unset or null, logging is disabled.

DEFINDEX="index.html index.htm index.cgi"

A space seperated list of filenames to try if a directory was specified. These are tried in order, so put the most common filename first.

SCRIPT_ALIAS="/cgi-bin"

A space seperated list of patterns which are tested against the start of the requested URL. If any of the patterns match, the URL is parsed as follows: $SCRIPT_ALIAS*/<cgi-script>/<extra-path-info>

Note that there should be no trailing slash in the pattern specification, and the pattern is automatically extended to the next slash. This means a SCRIPT_ALIAS of /cgi-bin will match /cgi-bin/ /cgi-bin1/ /cgi-bin2/ etc...

SCRIPT_SUFFIX=".cgi .bat"

A space seperated list of patterns used to define cgi scripts. Before replying to a request, the web server checks the resulting filename (after parsing) against these suffixes. If any match, the file is assumed to be a CGI program and is executed instead of simply being sent. This method of specifying CGI programs does not allow for any extra-path information to be sent, and is only required if you mix CGI scripts and HTML documents in the same directory.

TIMEOUT=30

This value controls the time (in seconds) the server will wait for a CGI program to complete, before killing it and aborting the web request.

LSDATEFLAG="-e" # BusyBox ls command (LRP & floppy disk linux) #LSDATEFLAG="--full-date" # 'real' ls command (full disto)

This tells the server how to obtain the full date from the ls command, which is used to generate a Last-modified: header.

#
# Required external programs:
#

I think this is a comprehensive list of the external programs required to run sh-httpd, but I might have missed something...

[ (test)
usually a shell built-in

basename
no longer needed...replaced with shell script (mainly 'set' command)

cat
no special requirements

cd
no special requirements

date
Must support the -u (UTC) and -R (RFC822 format) switches

dirname
no longer needed...replaced with sed script

echo
Must support the -e and -n switches, and evaluate \r as <CR> (0x0D)

getpeername
Used to obtain the remote IP address for CGI programs and logging

ls
should support the -e (busybox) or --full-time switch to allow generation of the Last-modified: header

sed
used for general string processing


Other Sites

Discussion Groups
  Beginners
  Distributions
  Networking / Security
  Software
  PDAs

About | FAQ | Privacy | Awards | Contact
Comments to the webmaster are welcome.
Copyright 2006 Sourcefiles.org All rights reserved.