TinyHTTPD
<Olaf.Titz@inka.de>
TinyHTTPD - minimum HTTP server in perl
Recently I needed a test-bed for scripts that generate HTML, and file
access didn't suffice. As usually, the first attempt at
awk-ing the request from a socket(1) executed script
soon grew big and ugly with ever more special cases being added. As
the need to support ISINDEX and FORMs came up, I re-wrote the whole
thing in perl. Now the simple test aid has become a program
that can be used in similar situations when you need an HTTP server
quickly without worrying to install a CERN or NCSA server.
This one does not have all the features needed; in particular, it
knows only about text, HTML and GIF files and the support for CGI
scripts is limited (just enough t ocheck if they work and produce
correct output). It supports only HTTP 1.0 and only GET and POST
requests.
Configuring and Using
The script starts with a configuration section in which you specify
the port to listen on, the directories for HTML files and CGI programs
and the access control list (see below). Simply run the script under
perl(works with version 4.0). It generates a log file
httpd.log that records every access with time, PID and URL.
I have replaced the usually needed require 'sys/socket.ph'
with a few macro definitions, check if these are correct on your
system.
Security considerations
I wrote this as an aid for controlled short-term testing purposes, not
to support a publicly available WWW server. So the security features
such a server would need are missing. Potentially, this script can
read/execute every file that is readable/executable by its UID. (It
blocks.. in URLs but nothing else.) The program
intentionally refuses to run as root or set-uid. Achieving proper
security is hard and this is too simple and hacked-up to be
fireproof. I strongly recommend against using it in a production
environment - get the
"http://hoohoo.ncsa.uiuc.edu/docs/Overview.html" NCSA or
"http://info.cern.ch/hypertext/WWW/Daemon/User/Guide.html" CERN
httpd instead. The simplest security measures are built in,
however. You can (have to) define access control lists; keep them as
restricted as necessary. The ACL consists of pairs of regexps against
which hostname (including aliases) and URL are matched. If the URL is
prefixed with a !, this means "deny". At least one allowed
pattern pair must match, no denied pattern may match to get access.
Availability
The current version is numbered 1.4 and about 5.5 kbytes in size. It
was posted on alt.sources on August 15, 1994.
I place this in the public domain. I explicitly disclaim any express
or imlied warranty and responsibility for any consequences of the use
of this program.
Use strictly at your own risk.
If you find a bug, send mail to: Olaf.Titz@inka.de
|
