import bozohttpd 20090418. changes include:
o avoid dying in daemon mode for some uncommon, but recoverable, errors o close leaking file descriptors for CGI and daemon mode o handle poll errors properly o don't try to handle more than one request per process yet this covers PR#38489 and PR#40079, as well some some issues reported privately.
This commit is contained in:
parent
1239650e67
commit
5de1fbc2cb
594
libexec/httpd/bozohttpd.8.html
Normal file
594
libexec/httpd/bozohttpd.8.html
Normal file
@ -0,0 +1,594 @@
|
||||
<html>
|
||||
<head>
|
||||
<title>
|
||||
April 17, 2009 BOZOHTTPD 8 BOZOS
|
||||
|
||||
</title>
|
||||
<style type="text/css">
|
||||
<!--
|
||||
body { margin-left:4%; }
|
||||
H1, H2, H3, H4, H5 {
|
||||
color: maroon; padding: 4pt; margin-left: -4%;
|
||||
border: solid; border-width: thin; width: 100%;
|
||||
background: rgb(204,204,255)
|
||||
}
|
||||
-->
|
||||
</style>
|
||||
</head>
|
||||
<body bgcolor="#FFFFFF" text="#000000">
|
||||
<h3 id="NAME">
|
||||
NAME
|
||||
</h3>
|
||||
<b>bozohttpd</b>
|
||||
- hyper text transfer protocol version 1.1 daemon
|
||||
<h3 id="SYNOPSIS">
|
||||
SYNOPSIS
|
||||
</h3>
|
||||
<b>bozohttpd</b>
|
||||
[<b>-</b><b>HVXbenrus</b>]
|
||||
[<b>-</b><b>C</b><i></i><i> suffix</i><i> cgihandler</i>]
|
||||
[<b>-</b><b>I</b><i></i><i> port</i>]
|
||||
[<b>-</b><b>M</b><i></i><i> suffix</i><i> type</i><i> encoding</i><i> encoding11</i>]
|
||||
[<b>-</b><b>S</b><i></i><i> server_software</i>]
|
||||
[<b>-</b><b>c</b><i></i><i> cgibin</i>]
|
||||
[<b>-</b><b>i</b><i></i><i> address</i>]
|
||||
[<b>-</b><b>p</b><i></i><i> pubdir</i>]
|
||||
[<b>-</b><b>t</b><i></i><i> chrootdir</i>]
|
||||
[<b>-</b><b>v</b><i></i><i> virtualroot</i>]
|
||||
[<b>-</b><b>x</b><i></i><i> index</i>]
|
||||
[<b>-</b><b>Z</b><i></i><i> cert</i><i> privkey</i>]
|
||||
<i></i><i>slashdir</i>
|
||||
[<i></i><i>myname</i>]
|
||||
<h3 id="DESCRIPTION">
|
||||
DESCRIPTION
|
||||
</h3>
|
||||
The
|
||||
<b>bozohttpd</b>
|
||||
program reads a
|
||||
<em></em><em>HTTP</em>
|
||||
request from the standard input, and sends a reply to the standard output.
|
||||
Besides ~user translation and virtual hosting support (see below), all file
|
||||
requests are from
|
||||
<i></i><i>slashdir</i>
|
||||
directory.
|
||||
The server uses
|
||||
<i></i><i>myname</i>
|
||||
as its name, which defaults to the local hostname, obtained from
|
||||
gethostname(3)
|
||||
(but see the
|
||||
<b>-</b><b>v</b>
|
||||
option for virtual hosting.)
|
||||
<b>bozohttpd</b>
|
||||
is designed to be small, simple and relatively featureless,
|
||||
hopefully increasing its security.
|
||||
<h4 id="OPTIONS">
|
||||
OPTIONS
|
||||
</h4>
|
||||
The following options are available:
|
||||
<dl compact>
|
||||
<p><dt><b>-</b><b>b</b><dd>
|
||||
This option enables daemon mode, where
|
||||
<b>bozohttpd</b>
|
||||
detaches from the current terminal, running in the background and
|
||||
servicing HTTP requests.
|
||||
<p><dt><b>-</b><b>C</b><i></i><i> suffix</i><i> cgihandler</i><dd>
|
||||
This option adds a new CGI handler program for a particular file type.
|
||||
The
|
||||
<i></i><i>suffix</i>
|
||||
should be any normal file suffix, and the
|
||||
<i></i><i>cgihandler</i>
|
||||
should be a full path to an interpreter.
|
||||
This option is the only way to enable CGI programs that exist
|
||||
outside of the cgibin directory to be executed.
|
||||
Multiple
|
||||
<b>-</b><b>C</b>
|
||||
options may be passed.
|
||||
<p><dt><b>-</b><b>c</b><i></i><i> cgibin</i><dd>
|
||||
This option enables the CGI/1.1 interface.
|
||||
The
|
||||
<i></i><i>cgibin</i>
|
||||
directory is expected to contain the CGI programs to be used.
|
||||
<b>bozohttpd</b>
|
||||
looks for URL's in the form of
|
||||
<em></em><em>/cgi-bin/<scriptname></em>
|
||||
where
|
||||
<em><</em><em>scriptname></em>
|
||||
is a valid CGI program in the
|
||||
<i></i><i>cgibin</i>
|
||||
directory.
|
||||
In other words, all CGI URL's must begin with
|
||||
<em></em><em>/cgi-bin/</em>.
|
||||
Note that the CGI/1.1 interface is not available with
|
||||
<em></em><em>~user</em>
|
||||
translation.
|
||||
<p><dt><b>-</b><b>e</b><dd>
|
||||
This option causes
|
||||
<b>bozohttpd</b>
|
||||
to not clear the environment when used with either the
|
||||
<b>-</b><b>t</b>
|
||||
or
|
||||
<b>-</b><b>U</b>
|
||||
options.
|
||||
<p><dt><b>-</b><b>H</b><dd>
|
||||
This option causes directory index mode to hide files and directories
|
||||
that start with a period, except for
|
||||
<code></code><code>..</code>.
|
||||
Also see
|
||||
<b>-</b><b>X</b>.
|
||||
<p><dt><b>-</b><b>I</b><i></i><i> port</i><dd>
|
||||
This option is only valid with the
|
||||
<b>-</b><b>b</b>
|
||||
option.
|
||||
It causes
|
||||
<i></i><i>port</i>
|
||||
to use used as the port to bind daemon mode.
|
||||
The default is the
|
||||
``http”
|
||||
port.
|
||||
<p><dt><b>-</b><b>i</b><i></i><i> address</i><dd>
|
||||
This option is only valid with the
|
||||
<b>-</b><b>b</b>
|
||||
option.
|
||||
It causes
|
||||
<i></i><i>address</i>
|
||||
to use used as the address to bind daemon mode.
|
||||
If otherwise unspecified, the address used to bind is derived from the
|
||||
<i></i><i>myname</i>,
|
||||
which defaults to the name returned by
|
||||
gethostname(3).
|
||||
Only the last
|
||||
<b>-</b><b>i</b>
|
||||
option is used.
|
||||
<p><dt><b>-</b><b>M</b><i></i><i> suffix</i><i> type</i><i> encoding</i><i> encoding11</i><dd>
|
||||
This option adds a new entry to the table that converts file suffixes to
|
||||
content type and encoding.
|
||||
This option takes four additional arguments containing
|
||||
the file prefix, its
|
||||
``Content-Type”,
|
||||
``Content-Encoding”,
|
||||
and
|
||||
``Content-Encoding”
|
||||
for HTTP/1.1 connections, respectively.
|
||||
If any of these are a single dash
|
||||
(``-”),
|
||||
the empty string is used instead.
|
||||
Multiple
|
||||
<b>-</b><b>M</b>
|
||||
options may be passed.
|
||||
<p><dt><b>-</b><b>n</b><dd>
|
||||
This option stops
|
||||
<b>bozohttpd</b>
|
||||
from doing IP address to name resolution of hosts for setting the
|
||||
<code></code><code>REMOTE_HOST</code>
|
||||
variable before running a CGI program.
|
||||
This option has no effect without the
|
||||
<b>-</b><b>c</b>
|
||||
option.
|
||||
<p><dt><b>-</b><b>p</b><i></i><i> pubdir</i><dd>
|
||||
This option changes the default user directory for
|
||||
<em></em><em>/~user/</em>
|
||||
translations from
|
||||
``public_html”
|
||||
to
|
||||
<i></i><i>pubdir</i>.
|
||||
<p><dt><b>-</b><b>r</b><dd>
|
||||
This option forces pages besides the
|
||||
``index.html”
|
||||
(see the
|
||||
<b>-</b><b>X</b>
|
||||
option) page to require that the Referrer: header be present and
|
||||
refer to this web server, otherwise a redirect to the
|
||||
``index.html”
|
||||
page will be returned instead.
|
||||
<p><dt><b>-</b><b>S</b><i></i><i> server_software</i><dd>
|
||||
This option sets the internal server version to
|
||||
<i></i><i>server_software</i>.
|
||||
<p><dt><b>-</b><b>s</b><dd>
|
||||
This option forces logging to be set to stderr always.
|
||||
<p><dt><b>-</b><b>t</b><i></i><i> chrootdir</i><dd>
|
||||
When this option is used,
|
||||
<b>bozohttpd</b>
|
||||
will chroot to the specified directory
|
||||
before answering requests.
|
||||
Every other path should be specified relative
|
||||
to the new root, if this option is used.
|
||||
Note that the current environment
|
||||
is normally replaced with an empty environment with this option, unless the
|
||||
<b>-</b><b>e</b>
|
||||
option is also used.
|
||||
<p><dt><b>-</b><b>U</b><i></i><i> username</i><dd>
|
||||
This option causes
|
||||
<b>bozohttpd</b>
|
||||
to switch to the user and the groups of
|
||||
<i></i><i>username</i>
|
||||
after initialization.
|
||||
This option, like
|
||||
<b>-</b><b>t</b>
|
||||
above, causes
|
||||
<b>bozohttpd</b>
|
||||
to clear the environment unless the
|
||||
<b>-</b><b>e</b>
|
||||
option is given.
|
||||
<p><dt><b>-</b><b>u</b><dd>
|
||||
This option enables the transformation of Uniform Resource Locators of
|
||||
the form
|
||||
<em></em><em>/~user/</em>
|
||||
into the the directory
|
||||
<code></code><code>~user/public_html</code>
|
||||
(but see the
|
||||
<b>-</b><b>p</b>
|
||||
option above).
|
||||
<p><dt><b>-</b><b>V</b><dd>
|
||||
This option sets the default virtual host directory to
|
||||
<i></i><i>slashdir</i>.
|
||||
If no directory exists in
|
||||
<i></i><i>virtualroot</i>
|
||||
for the request, then
|
||||
<i></i><i>slashdir</i>
|
||||
will be used.
|
||||
The default behaviour is to return 404 (Not Found.)
|
||||
<p><dt><b>-</b><b>v</b><i></i><i> virtualroot</i><dd>
|
||||
This option enables virtual hosting support.
|
||||
Directories in
|
||||
<i></i><i>virtualroot</i>
|
||||
will be searched for a matching virtual host name, when parsing
|
||||
the HTML request.
|
||||
If a matching name is found, it will be used
|
||||
as both the server's real name,
|
||||
[<i></i><i>myname</i>],
|
||||
and as the
|
||||
<i></i><i>slashdir</i>.
|
||||
See the
|
||||
<a href="#EXAMPLES">EXAMPLES</a>
|
||||
section for an example of using this option.
|
||||
<p><dt><b>-</b><b>X</b><dd>
|
||||
This option enables directory indexing.
|
||||
A directory index will be generated only when the default file (i.e.
|
||||
<code></code><code>index.html</code>
|
||||
normally) is not present.
|
||||
<p><dt><b>-</b><b>x</b><i></i><i> index</i><dd>
|
||||
This option changes the default file read for directories from
|
||||
``index.html”
|
||||
to
|
||||
<i></i><i>index</i>.
|
||||
<p><dt><b>-</b><b>Z</b><i></i><i> certificate_path</i><i> privatekey_path</i><dd>
|
||||
This option sets the path to the server certificate file and the private key file
|
||||
in pem format.
|
||||
It also causes
|
||||
<b>bozohttpd</b>
|
||||
to start SSL mode.
|
||||
</dl>
|
||||
<p>
|
||||
Note that in
|
||||
<b>bozohttpd</b>
|
||||
versions 20031005 and prior that supported the
|
||||
<b>-</b><b>C</b>
|
||||
and
|
||||
<b>-</b><b>M</b>
|
||||
options, they took a single space-separated argument that was parsed.
|
||||
since version 20040828, they take multiple options (2 in the case of
|
||||
<b>-</b><b>C</b>
|
||||
and 4 in the case of
|
||||
<b>-</b><b>M</b>.)
|
||||
<h4 id="INETD CONFIGURATION">
|
||||
INETD CONFIGURATION
|
||||
</h4>
|
||||
As
|
||||
<b>bozohttpd</b>
|
||||
uses
|
||||
inetd(8)
|
||||
by default to process incoming TCP connections for HTTP requests
|
||||
(but see the
|
||||
<b>-</b><b>b</b>
|
||||
option),
|
||||
<b>bozohttpd</b>
|
||||
has little internal networking knowledge.
|
||||
(Indeed, you can run it on the command line with little change of functionality.)
|
||||
A typical
|
||||
inetd.conf(5)
|
||||
entry would be:
|
||||
<code>
|
||||
<pre>
|
||||
http stream tcp nowait:600 httpd /usr/pkg/libexec/bozohttpd bozohttpd /var/www
|
||||
http stream tcp6 nowait:600 httpd /usr/pkg/libexec/bozohttpd bozohttpd /var/www
|
||||
</pre>
|
||||
</code>
|
||||
<p>
|
||||
This would serve web pages from
|
||||
<code></code><code>/var/www</code>
|
||||
on both IPv4 and IPv6 ports.
|
||||
The
|
||||
<em></em><em>:600</em>
|
||||
changes the
|
||||
requests per minute to 600, up from the
|
||||
inetd(8)
|
||||
default of 40.
|
||||
<p>
|
||||
Using the
|
||||
NetBSD
|
||||
inetd(8),
|
||||
you can provide multiple IP-address based HTTP servers by having multiple
|
||||
listening ports with different configurations.
|
||||
<h4 id="NOTES">
|
||||
NOTES
|
||||
</h4>
|
||||
This server supports the
|
||||
<em></em><em>HTTP/0.9</em>,
|
||||
<em></em><em>HTTP/1.0</em>,
|
||||
and
|
||||
<em></em><em>HTTP/1.1</em>
|
||||
standards.
|
||||
Support for these protocols is very minimal and many optional features are
|
||||
not supported.
|
||||
<p>
|
||||
<b>bozohttpd</b>
|
||||
can be compiled without CGI support (NO_CGIBIN_SUPPORT), user
|
||||
transformations (NO_USER_SUPPORT), directory index support (NO_DIRINDEX_SUPPORT),
|
||||
daemon mode support (NO_DAEMON_MODE), and dynamic MIME content
|
||||
(NO_DYNAMIC_CONTENT), and SSL support (NO_SSL_SUPPORT) by defining the listed
|
||||
macros when building
|
||||
<b>.</b>
|
||||
<h4 id="HTTP BASIC AUTHORISATION">
|
||||
HTTP BASIC AUTHORISATION
|
||||
</h4>
|
||||
<b>bozohttpd</b>
|
||||
has support for HTTP Basic Authorisation.
|
||||
If a file named
|
||||
<code></code><code>.htpasswd</code>
|
||||
exists in the directory of the current request,
|
||||
<b>bozohttpd</b>
|
||||
will restrict access to documents in that directory
|
||||
using the RFC 2617 HTTP
|
||||
``Basic”
|
||||
authentication scheme.
|
||||
<p>
|
||||
Note:
|
||||
This does not recursively protect any sub-directories.
|
||||
<p>
|
||||
The
|
||||
<code></code><code>.htpasswd</code>
|
||||
file contains lines delimited with a colon containing
|
||||
usernames and passwords hashed with
|
||||
crypt(3),
|
||||
for example:
|
||||
<code>
|
||||
<pre>
|
||||
heather:$1$pZWI4tH/$DzDPl63i6VvVRv2lJNV7k1
|
||||
jeremy:A.xewbx2DpQ8I
|
||||
</pre>
|
||||
</code>
|
||||
<p>
|
||||
On
|
||||
NetBSD,
|
||||
the
|
||||
pwhash(1)
|
||||
utility may be used to generate hashed passwords.
|
||||
<p>
|
||||
While
|
||||
<b>bozohttpd</b>
|
||||
distributed with
|
||||
NetBSD
|
||||
has support for HTTP Basic Authorisation enabled by default,
|
||||
in the portable distribution it is excluded.
|
||||
Compile
|
||||
<b>bozohttpd</b>
|
||||
with
|
||||
``-DDO_HTPASSWD”
|
||||
on the compiler command line to enable this support. It may require
|
||||
linking with the crypt library, using
|
||||
``-lcrypt”.
|
||||
<h3 id="FILES">
|
||||
FILES
|
||||
</h3>
|
||||
<b>bozohttpd</b>
|
||||
looks for a couple of special files in directories that allow certain features
|
||||
to be provided on a per-directory basis.
|
||||
In addition to the
|
||||
<code></code><code>.htpasswd</code>
|
||||
used by HTTP basic authorisation,
|
||||
if a
|
||||
<code></code><code>.bzdirect</code>
|
||||
file is found (contents are irrelevant)
|
||||
<b>bozohttpd</b>
|
||||
will allow direct access even with the
|
||||
<b>-</b><b>r</b>
|
||||
option.
|
||||
If a
|
||||
<code></code><code>.bzredirect</code>
|
||||
symbolic link is found,
|
||||
<b>bozohttpd</b>
|
||||
will perform a smart redirect to the target of this symlink.
|
||||
The target is assumed to live on the same server.
|
||||
If a
|
||||
<code></code><code>.bzabsredirect</code>
|
||||
symbolic link is found,
|
||||
<b>bozohttpd</b>
|
||||
will redirect to the absolute url pointed to by this symlink.
|
||||
This is useful to redirect to different servers.
|
||||
<h3 id="SSL SUPPORT">
|
||||
SSL SUPPORT
|
||||
</h3>
|
||||
<b>bozohttpd</b>
|
||||
has support for SSLv2, SSLv3, and TLSv1 protocols that is included by
|
||||
default. It requires linking with the crypto and ssl library, using
|
||||
``-lcrypto -lssl”.
|
||||
To disable SSL SUPPORT compile
|
||||
<b>bozohttpd</b>
|
||||
with
|
||||
``-DNO_SSL_SUPPORT”
|
||||
on the compiler command line.
|
||||
<h3 id="EXAMPLES">
|
||||
EXAMPLES
|
||||
</h3>
|
||||
To configure set of virtual hosts, one would use an
|
||||
inetd.conf(5)
|
||||
entry like:
|
||||
<code>
|
||||
<pre>
|
||||
http stream tcp nowait:600 httpd /usr/pkg/libexec/bozohttpd bozohttpd -v /var/vroot /var/www
|
||||
</pre>
|
||||
</code>
|
||||
<p>
|
||||
and inside
|
||||
<code></code><code>/var/vroot</code>
|
||||
create a directory (or a symlink to a directory) with the same name as
|
||||
the virtual host, for each virtual host.
|
||||
Lookups for these names are done in a case-insensitive manner.
|
||||
<p>
|
||||
To use
|
||||
<b>bozohttpd</b>
|
||||
with PHP, one must use the
|
||||
<b>-</b><b>C</b>
|
||||
option to specify a CGI handler for a particular file type.
|
||||
Typically this, this will be like:
|
||||
<code>
|
||||
<pre>
|
||||
bozohttpd -C .php /usr/pkg/bin/php /var/www
|
||||
</pre>
|
||||
</code>
|
||||
<h3 id="SEE ALSO">
|
||||
SEE ALSO
|
||||
</h3>
|
||||
inetd.conf(5),
|
||||
inetd(8)
|
||||
<h3 id="HISTORY">
|
||||
HISTORY
|
||||
</h3>
|
||||
The
|
||||
<b>bozohttpd</b>
|
||||
program was first written in perl, based on another perl http server
|
||||
called
|
||||
``tinyhttpd”.
|
||||
It was then rewritten from scratch in perl, and then once again in C.
|
||||
The focus has always been simplicity and security, with minimal features
|
||||
and regular code audits.
|
||||
This manual documents
|
||||
<b>bozohttpd</b>
|
||||
version 20090418.
|
||||
<h3 id="AUTHORS">
|
||||
AUTHORS
|
||||
</h3>
|
||||
<b>bozohttpd</b>
|
||||
was written by Matthew R. Green
|
||||
<mrg@eterna.com.au>.
|
||||
<p>
|
||||
The large list of contributors includes:
|
||||
<dl>
|
||||
<p><dd>-
|
||||
Arnaud Lacombe
|
||||
<alc@netbsd.org>
|
||||
provided some clean up for memory leaks
|
||||
<p><dd>-
|
||||
Christoph Badura
|
||||
<bad@bsd.de>
|
||||
provided Range: header support
|
||||
<p><dd>-
|
||||
Julian Coleman
|
||||
<jdc@coris.org.uk>
|
||||
provided an IPv6 bugfix
|
||||
<p><dd>-
|
||||
Chuck Cranor
|
||||
<chuck@research.att.com>
|
||||
provided cgi-bin support fixes, and more
|
||||
<p><dd>-
|
||||
DEGROOTE Arnaud
|
||||
<degroote@netbsd.org>
|
||||
provided a fix for daemon mode
|
||||
<p><dd>-
|
||||
Andrew Doran
|
||||
<ad@netbsd.org>
|
||||
provided directory indexing support
|
||||
<p><dd>-
|
||||
Per Ekman
|
||||
<pek@pdc.kth.se>
|
||||
provided a fix for a minor (non-security) buffer overflow condition
|
||||
<p><dd>-
|
||||
Jun-ichiro itojun Hagino, KAME
|
||||
<itojun@iijlab.net>
|
||||
provided initial IPv6 support
|
||||
<p><dd>-
|
||||
Martin Husemann
|
||||
<martin@netbsd.org>
|
||||
provided .bzabsredirect support
|
||||
<p><dd>-
|
||||
Arto Huusko
|
||||
<arto.huusko@pp2.inet.fi>
|
||||
provided fixes cgi-bin
|
||||
<p><dd>-
|
||||
Roland Illig
|
||||
<roland.illig@gmx.de>
|
||||
provided some off-by-one fixes
|
||||
<p><dd>-
|
||||
Zak Johnson
|
||||
<zakj@nox.cx>
|
||||
provided cgi-bin enhancements
|
||||
<p><dd>-
|
||||
Nicolas Jombart
|
||||
<ecu@ipv42.net>
|
||||
provided fixes for HTTP basic authorisation support
|
||||
<p><dd>-
|
||||
Thomas Klausner
|
||||
<wiz@danbala.ifoer.tuwien.ac.at>
|
||||
provided many fixes and enhancements for the man page
|
||||
<p><dd>-
|
||||
Johnny Lam
|
||||
<jlam@netbsd.org>
|
||||
provided man page fixes
|
||||
<p><dd>-
|
||||
Luke Mewburn
|
||||
<lukem@netbsd.org>
|
||||
provided many various fixes, including cgi-bin fixes and enhancements,
|
||||
HTTP basic authorisation support and much code clean up
|
||||
<p><dd>-
|
||||
Jeremey Reed
|
||||
<reed@netbsd.org>
|
||||
provided several clean up fixes, and man page updates
|
||||
<p><dd>-
|
||||
Scott Reynolds
|
||||
<scottr@netbsd.org>
|
||||
provided various fixes
|
||||
<p><dd>-
|
||||
Tyler Retzlaff
|
||||
<rtr@eterna.com.au>
|
||||
provided SSL support, cgi-bin fixes and much other random other stuff
|
||||
<p><dd>-
|
||||
Steve Rumble
|
||||
<rumble@ephemeral.org>
|
||||
provided the
|
||||
<b>-</b><b>V</b>
|
||||
option.
|
||||
<p><dd>-
|
||||
Joerg Sonnenberger
|
||||
<joerg@netbsd.org>
|
||||
implemented If-Modified-Since support
|
||||
<p><dd>-
|
||||
ISIHARA Takanori
|
||||
<ishit@oak.dti.ne.jp>
|
||||
provided a man page fix
|
||||
<p><dd>-
|
||||
Holger Weiss
|
||||
<holger@CIS.FU-Berlin.DE>
|
||||
provided http authorisation fixes
|
||||
<p><dd>-
|
||||
<xs@kittenz.org>
|
||||
provided chroot and change-to-user support, and other various fixes
|
||||
<p><dd>-
|
||||
Coyote Point provided various CGI fixes
|
||||
</dl>
|
||||
<p>
|
||||
There are probably others I have forgotten (let me know if you care)
|
||||
<p>
|
||||
Please send all updates to
|
||||
<b>bozohttpd</b>
|
||||
to
|
||||
<mrg@eterna.com.au>
|
||||
for inclusion in future releaases.
|
||||
<h3 id="BUGS">
|
||||
BUGS
|
||||
</h3>
|
||||
<b>bozohttpd</b>
|
||||
does not handled HTTP/1.1 chunked input from the client yet.
|
||||
</body>
|
||||
</html>
|
||||
|
||||
|
306
libexec/httpd/bozohttpd.8.txt
Normal file
306
libexec/httpd/bozohttpd.8.txt
Normal file
@ -0,0 +1,306 @@
|
||||
BOZOHTTPD(8) NetBSD System Manager's Manual BOZOHTTPD(8)
|
||||
|
||||
NAME
|
||||
bozohttpd -- hyper text transfer protocol version 1.1 daemon
|
||||
|
||||
SYNOPSIS
|
||||
bozohttpd [-HVXbenrus] [-C suffix cgihandler] [-I port]
|
||||
[-M suffix type encoding encoding11] [-S server_software]
|
||||
[-c cgibin] [-i address] [-p pubdir] [-t chrootdir]
|
||||
[-v virtualroot] [-x index] [-Z cert privkey] slashdir [myname]
|
||||
|
||||
DESCRIPTION
|
||||
The bozohttpd program reads a HTTP request from the standard input, and
|
||||
sends a reply to the standard output. Besides ~user translation and vir-
|
||||
tual hosting support (see below), all file requests are from slashdir
|
||||
directory. The server uses myname as its name, which defaults to the
|
||||
local hostname, obtained from gethostname(3) (but see the -v option for
|
||||
virtual hosting.) bozohttpd is designed to be small, simple and rela-
|
||||
tively featureless, hopefully increasing its security.
|
||||
|
||||
OPTIONS
|
||||
The following options are available:
|
||||
|
||||
-b This option enables daemon mode, where bozohttpd detaches from
|
||||
the current terminal, running in the background and servicing
|
||||
HTTP requests.
|
||||
|
||||
-C suffix cgihandler
|
||||
This option adds a new CGI handler program for a particular
|
||||
file type. The suffix should be any normal file suffix, and
|
||||
the cgihandler should be a full path to an interpreter. This
|
||||
option is the only way to enable CGI programs that exist out-
|
||||
side of the cgibin directory to be executed. Multiple -C
|
||||
options may be passed.
|
||||
|
||||
-c cgibin This option enables the CGI/1.1 interface. The cgibin direc-
|
||||
tory is expected to contain the CGI programs to be used.
|
||||
bozohttpd looks for URL's in the form of /cgi-bin/<scriptname>
|
||||
where <scriptname> is a valid CGI program in the cgibin direc-
|
||||
tory. In other words, all CGI URL's must begin with
|
||||
/cgi-bin/. Note that the CGI/1.1 interface is not available
|
||||
with ~user translation.
|
||||
|
||||
-e This option causes bozohttpd to not clear the environment when
|
||||
used with either the -t or -U options.
|
||||
|
||||
-H This option causes directory index mode to hide files and
|
||||
directories that start with a period, except for ... Also see
|
||||
-X.
|
||||
|
||||
-I port This option is only valid with the -b option. It causes port
|
||||
to use used as the port to bind daemon mode. The default is
|
||||
the ``http'' port.
|
||||
|
||||
-i address
|
||||
This option is only valid with the -b option. It causes
|
||||
address to use used as the address to bind daemon mode. If
|
||||
otherwise unspecified, the address used to bind is derived
|
||||
from the myname, which defaults to the name returned by
|
||||
gethostname(3). Only the last -i option is used.
|
||||
|
||||
-M suffix type encoding encoding11
|
||||
This option adds a new entry to the table that converts file
|
||||
suffixes to content type and encoding. This option takes four
|
||||
additional arguments containing the file prefix, its
|
||||
``Content-Type'', ``Content-Encoding'', and
|
||||
``Content-Encoding'' for HTTP/1.1 connections, respectively.
|
||||
If any of these are a single dash (``-''), the empty string is
|
||||
used instead. Multiple -M options may be passed.
|
||||
|
||||
-n This option stops bozohttpd from doing IP address to name res-
|
||||
olution of hosts for setting the REMOTE_HOST variable before
|
||||
running a CGI program. This option has no effect without the
|
||||
-c option.
|
||||
|
||||
-p pubdir This option changes the default user directory for /~user/
|
||||
translations from ``public_html'' to pubdir.
|
||||
|
||||
-r This option forces pages besides the ``index.html'' (see the
|
||||
-X option) page to require that the Referrer: header be
|
||||
present and refer to this web server, otherwise a redirect to
|
||||
the ``index.html'' page will be returned instead.
|
||||
|
||||
-S server_software
|
||||
This option sets the internal server version to
|
||||
server_software.
|
||||
|
||||
-s This option forces logging to be set to stderr always.
|
||||
|
||||
-t chrootdir
|
||||
When this option is used, bozohttpd will chroot to the speci-
|
||||
fied directory before answering requests. Every other path
|
||||
should be specified relative to the new root, if this option
|
||||
is used. Note that the current environment is normally
|
||||
replaced with an empty environment with this option, unless
|
||||
the -e option is also used.
|
||||
|
||||
-U username
|
||||
This option causes bozohttpd to switch to the user and the
|
||||
groups of username after initialization. This option, like -t
|
||||
above, causes bozohttpd to clear the environment unless the -e
|
||||
option is given.
|
||||
|
||||
-u This option enables the transformation of Uniform Resource
|
||||
Locators of the form /~user/ into the the directory
|
||||
~user/public_html (but see the -p option above).
|
||||
|
||||
-V This option sets the default virtual host directory to
|
||||
slashdir. If no directory exists in virtualroot for the
|
||||
request, then slashdir will be used. The default behaviour is
|
||||
to return 404 (Not Found.)
|
||||
|
||||
-v virtualroot
|
||||
This option enables virtual hosting support. Directories in
|
||||
virtualroot will be searched for a matching virtual host name,
|
||||
when parsing the HTML request. If a matching name is found,
|
||||
it will be used as both the server's real name, [myname], and
|
||||
as the slashdir. See the EXAMPLES section for an example of
|
||||
using this option.
|
||||
|
||||
-X This option enables directory indexing. A directory index
|
||||
will be generated only when the default file (i.e. index.html
|
||||
normally) is not present.
|
||||
|
||||
-x index This option changes the default file read for directories from
|
||||
``index.html'' to index.
|
||||
|
||||
-Z certificate_path privatekey_path
|
||||
This option sets the path to the server certificate file and
|
||||
the private key file in pem format. It also causes bozohttpd
|
||||
to start SSL mode.
|
||||
|
||||
Note that in bozohttpd versions 20031005 and prior that supported the -C
|
||||
and -M options, they took a single space-separated argument that was
|
||||
parsed. since version 20040828, they take multiple options (2 in the
|
||||
case of -C and 4 in the case of -M.)
|
||||
|
||||
INETD CONFIGURATION
|
||||
As bozohttpd uses inetd(8) by default to process incoming TCP connections
|
||||
for HTTP requests (but see the -b option), bozohttpd has little internal
|
||||
networking knowledge. (Indeed, you can run it on the command line with
|
||||
little change of functionality.) A typical inetd.conf(5) entry would be:
|
||||
|
||||
http stream tcp nowait:600 httpd /usr/pkg/libexec/bozohttpd bozohttpd /var/www
|
||||
http stream tcp6 nowait:600 httpd /usr/pkg/libexec/bozohttpd bozohttpd /var/www
|
||||
|
||||
This would serve web pages from /var/www on both IPv4 and IPv6 ports.
|
||||
The :600 changes the requests per minute to 600, up from the inetd(8)
|
||||
default of 40.
|
||||
|
||||
Using the NetBSD inetd(8), you can provide multiple IP-address based HTTP
|
||||
servers by having multiple listening ports with different configurations.
|
||||
|
||||
NOTES
|
||||
This server supports the HTTP/0.9, HTTP/1.0, and HTTP/1.1 standards.
|
||||
Support for these protocols is very minimal and many optional features
|
||||
are not supported.
|
||||
|
||||
bozohttpd can be compiled without CGI support (NO_CGIBIN_SUPPORT), user
|
||||
transformations (NO_USER_SUPPORT), directory index support
|
||||
(NO_DIRINDEX_SUPPORT), daemon mode support (NO_DAEMON_MODE), and dynamic
|
||||
MIME content (NO_DYNAMIC_CONTENT), and SSL support (NO_SSL_SUPPORT) by
|
||||
defining the listed macros when building bozohttpd.
|
||||
|
||||
HTTP BASIC AUTHORISATION
|
||||
bozohttpd has support for HTTP Basic Authorisation. If a file named
|
||||
.htpasswd exists in the directory of the current request, bozohttpd will
|
||||
restrict access to documents in that directory using the RFC 2617 HTTP
|
||||
``Basic'' authentication scheme.
|
||||
|
||||
Note: This does not recursively protect any sub-directories.
|
||||
|
||||
The .htpasswd file contains lines delimited with a colon containing user-
|
||||
names and passwords hashed with crypt(3), for example:
|
||||
|
||||
heather:$1$pZWI4tH/$DzDPl63i6VvVRv2lJNV7k1
|
||||
jeremy:A.xewbx2DpQ8I
|
||||
|
||||
On NetBSD, the pwhash(1) utility may be used to generate hashed pass-
|
||||
words.
|
||||
|
||||
While bozohttpd distributed with NetBSD has support for HTTP Basic Autho-
|
||||
risation enabled by default, in the portable distribution it is excluded.
|
||||
Compile bozohttpd with ``-DDO_HTPASSWD'' on the compiler command line to
|
||||
enable this support. It may require linking with the crypt library,
|
||||
using ``-lcrypt''.
|
||||
|
||||
FILES
|
||||
bozohttpd looks for a couple of special files in directories that allow
|
||||
certain features to be provided on a per-directory basis. In addition to
|
||||
the .htpasswd used by HTTP basic authorisation, if a .bzdirect file is
|
||||
found (contents are irrelevant) bozohttpd will allow direct access even
|
||||
with the -r option. If a .bzredirect symbolic link is found, bozohttpd
|
||||
will perform a smart redirect to the target of this symlink. The target
|
||||
is assumed to live on the same server. If a .bzabsredirect symbolic link
|
||||
is found, bozohttpd will redirect to the absolute url pointed to by this
|
||||
symlink. This is useful to redirect to different servers.
|
||||
|
||||
SSL SUPPORT
|
||||
bozohttpd has support for SSLv2, SSLv3, and TLSv1 protocols that is
|
||||
included by default. It requires linking with the crypto and ssl library,
|
||||
using ``-lcrypto -lssl''. To disable SSL SUPPORT compile bozohttpd with
|
||||
``-DNO_SSL_SUPPORT'' on the compiler command line.
|
||||
|
||||
EXAMPLES
|
||||
To configure set of virtual hosts, one would use an inetd.conf(5) entry
|
||||
like:
|
||||
|
||||
http stream tcp nowait:600 httpd /usr/pkg/libexec/bozohttpd bozohttpd -v /var/vroot /var/www
|
||||
|
||||
and inside /var/vroot create a directory (or a symlink to a directory)
|
||||
with the same name as the virtual host, for each virtual host. Lookups
|
||||
for these names are done in a case-insensitive manner.
|
||||
|
||||
To use bozohttpd with PHP, one must use the -C option to specify a CGI
|
||||
handler for a particular file type. Typically this, this will be like:
|
||||
|
||||
bozohttpd -C .php /usr/pkg/bin/php /var/www
|
||||
|
||||
SEE ALSO
|
||||
inetd.conf(5), inetd(8)
|
||||
|
||||
HISTORY
|
||||
The bozohttpd program was first written in perl, based on another perl
|
||||
http server called ``tinyhttpd''. It was then rewritten from scratch in
|
||||
perl, and then once again in C. The focus has always been simplicity and
|
||||
security, with minimal features and regular code audits. This manual
|
||||
documents bozohttpd version 20090418.
|
||||
|
||||
AUTHORS
|
||||
bozohttpd was written by Matthew R. Green <mrg@eterna.com.au>.
|
||||
|
||||
The large list of contributors includes:
|
||||
|
||||
- Arnaud Lacombe <alc@netbsd.org> provided some clean up for memory
|
||||
leaks
|
||||
|
||||
- Christoph Badura <bad@bsd.de> provided Range: header support
|
||||
|
||||
- Julian Coleman <jdc@coris.org.uk> provided an IPv6 bugfix
|
||||
|
||||
- Chuck Cranor <chuck@research.att.com> provided cgi-bin support fixes,
|
||||
and more
|
||||
|
||||
- DEGROOTE Arnaud <degroote@netbsd.org> provided a fix for daemon mode
|
||||
|
||||
- Andrew Doran <ad@netbsd.org> provided directory indexing support
|
||||
|
||||
- Per Ekman <pek@pdc.kth.se> provided a fix for a minor (non-security)
|
||||
buffer overflow condition
|
||||
|
||||
- Jun-ichiro itojun Hagino, KAME <itojun@iijlab.net> provided initial
|
||||
IPv6 support
|
||||
|
||||
- Martin Husemann <martin@netbsd.org> provided .bzabsredirect support
|
||||
|
||||
- Arto Huusko <arto.huusko@pp2.inet.fi> provided fixes cgi-bin
|
||||
|
||||
- Roland Illig <roland.illig@gmx.de> provided some off-by-one fixes
|
||||
|
||||
- Zak Johnson <zakj@nox.cx> provided cgi-bin enhancements
|
||||
|
||||
- Nicolas Jombart <ecu@ipv42.net> provided fixes for HTTP basic autho-
|
||||
risation support
|
||||
|
||||
- Thomas Klausner <wiz@danbala.ifoer.tuwien.ac.at> provided many fixes
|
||||
and enhancements for the man page
|
||||
|
||||
- Johnny Lam <jlam@netbsd.org> provided man page fixes
|
||||
|
||||
- Luke Mewburn <lukem@netbsd.org> provided many various fixes, includ-
|
||||
ing cgi-bin fixes and enhancements, HTTP basic authorisation support
|
||||
and much code clean up
|
||||
|
||||
- Jeremey Reed <reed@netbsd.org> provided several clean up fixes, and
|
||||
man page updates
|
||||
|
||||
- Scott Reynolds <scottr@netbsd.org> provided various fixes
|
||||
|
||||
- Tyler Retzlaff <rtr@eterna.com.au> provided SSL support, cgi-bin
|
||||
fixes and much other random other stuff
|
||||
|
||||
- Steve Rumble <rumble@ephemeral.org> provided the -V option.
|
||||
|
||||
- Joerg Sonnenberger <joerg@netbsd.org> implemented If-Modified-Since
|
||||
support
|
||||
|
||||
- ISIHARA Takanori <ishit@oak.dti.ne.jp> provided a man page fix
|
||||
|
||||
- Holger Weiss <holger@CIS.FU-Berlin.DE> provided http authorisation
|
||||
fixes
|
||||
|
||||
- <xs@kittenz.org> provided chroot and change-to-user support, and
|
||||
other various fixes
|
||||
|
||||
- Coyote Point provided various CGI fixes
|
||||
|
||||
There are probably others I have forgotten (let me know if you care)
|
||||
|
||||
Please send all updates to bozohttpd to <mrg@eterna.com.au> for inclusion
|
||||
in future releaases.
|
||||
|
||||
BUGS
|
||||
bozohttpd does not handled HTTP/1.1 chunked input from the client yet.
|
||||
|
||||
BOZOS April 17, 2009 BOZOS
|
Loading…
Reference in New Issue
Block a user