This is a simple http server for pure static content. You can use it to serve the content of a ftp server via http for example. It is also nice to export some files the quick way by starting a http server in a few seconds, without editing some config file first.

It uses sendfile() and knows how to use sendfile on linux and FreeBSD. Adding other systems shouldn't be difficult. To use it with linux you'll need a 2.2.x kernel and glibc 2.1.

There is some sendfile emulation code which uses a userland bounce buffer, this allows to compile and use webfs on systems without sendfile().

• single process: select() + non-blocking I/O.
• trimmed to use as few system calls as possible per request.
• use sendfile to avoid copying data to userspace.
• optional thread support. Every thread has its own select loop then (compile time option, off by default, edit the Makefile to turn it on).
• automatically generates directory listings when asked for a directory (check for index.html available as option), caches the listings.
• no config file, just a few switches. Try "webfsd -h" for a list, check the man page for a more indepth description.
• Uses /etc/mime.types to map file extentions to mime/types.
• Uses normal unix access rights, it will deliver every regular file it is able to open for reading. If you want it to serve public-readable files only, make sure it runs as nobody/nogroup.
• supports keep-alive and pipelined requests.
• serves byte ranges.
• supports virtual hosts.
• supports ipv6.
• optional logging in common log file format.
• optional error logging (to syslog / stderr).
• limited CGI support (GET requests only).
• optional SSL support.

• figure out why the acroread plugin doesn't like my multipart/byteranges responses.
• benchmarking / profiling.

Don't expect much more features. I want to keep it small and simple. It is supported to serve just files and to do this in a good and fast way. It is supposed to be HTTP/1.1 (RfC 2068) compliant. Conditional compliant as there is no entity tag support.

$ make $ su -c "make install"

See INSTALL for more details.

The default for the number of parallel connections is very low (32), you might have to raise this.

You probably don't get better performance by turning on threads. For static content I/O bandwidth is the bottleneck. My box easily fills up the network bandwidth while webfsd uses less than 10% CPU time (Pentium III/450 MHz, Fast Ethernet, Tulip card).

You might win with threads if you have a very fast network connection and a lot of traffic. The sendfile() system call blocks if it has to read from harddisk. While one thread waits for data in sendfile(), another can keep the network card busy. You'll probably get best results with a small number of threads (2-3) per CPU.

Enough RAM probably also helps to speed up things. Although webfs itself will not need very much memory, your kernel will happily use the memory as cache for the data sent out via sendfile().

I have no benchmark numbers for webfsd.

I can't guarantee that there are no security flaws. If you find one, report it as a bug. I've done my very best while writing webfsd, I hope there are no serious bugs like buffer overflows (and no other bugs of course...). If webfsd dumps core, you /have/ a problem; this really shouldn't happen.

Don't use versions below 1.20, there are known security holes.

• large file support.
• s/sprintf/snprintf/ in some places.
• changed timestamp handling, webfs doesn't attempt to parse them any more but does a strcmp of rfc1123 dates.
• access log uses local time not GMT now.
• some ssl/cgi cleanups (based on patches from Ludo Stellingwerff).
• misc fixes.

• CGI pipe setup bugfix.
• Don't allow ".." as hostname (security hole with vhosts enabled).
• fix buffer overflow in ls.c with very long file names.
• misc other fixes / cleanups.

• documentation spell fixes (Ludo Stellingwerff).
• added missing items (last two) to the 1.18 Changes notes (pointed out by Jedi/Sector One [email protected]).
• Makefile changes.
• finished user home-directory support.

• added -j switch.
• compile fixes for the threaded version.
• use accept filters (FreeBSD).
• shuffled around access log locks.
• added optional SSL support (based on patches by Ludo Stellingwerff [email protected]).
• run only the absolute needed code with root privileges (bind+chroot) if installed suid-root.
• Makefile tweaks.
• fixed buffer overflow in request.c
• started user home-directory support.

• fix bug in request cleanup code (didn't cleanup properly after byte-range requests, thus making webfsd bomb out on non-range requests following a byte-range request on the same keep-alive connection).

• fix bug in %xx handling (adding CGI support broke this).

• allways use Host: supplied hostname if needed (redirect, ...).
• added -4 / -6 switches.
• Added CGI support (GET requests only).
• compile fix for OpenBSD

• fixed a bug in Basic authentication.

• bumped the version number this time :-)
• small freebsd update (use strmode).
• added -e switch.

• fixed byte rage header parser to deal correctly with 64bit off_t.

• added pidfile support.

• added TCP_CORK support.

• one more security fix (drop secondary groups).
• catch malloc() failures in ls.c.

• security fix (parsing option '-n' did unchecked strcpy).
• documentation updates.

• fixed the sloppy usage of addrlen for the ipv6 name lookup functions. Linux worked fine, but the BSD folks have some more strict checks...
• allow to write the access log to stdout (use "-" as filename)

• fixed a bug in the base64 decoder (which broke basic auth for some user/passwd combinations)
• added virtual host support.
• webfsd can chroot to $DOCUMENT_ROOT now.

• overwrite the -b user:pw command line option to hide the password (doesn't show up in ps anymore)

• added ipv6 support.
• bugfix in logfile timestamps.

• added basic authentication (one username/password for all files)

• added some casts to compile cleanly on Solaris.
• new -F flag (don't run as daemon).

• fixed a quoting bug.
• documentation updates, minor tweaks.

• fixed a bug in the directory cache.
• fixed uncatched malloc()/realloc() failures.
• added optional pthreads support. Edit the Makefile to turn it on.

• some portability problems fixed (0.6 didn't compile on FreeBSD).
• added a sendfile() emulation based on read()/write() as fallback if there is no sendfile() available.
• bugfix: '#' must be quoted too...

• increased the listen backlog.
• optionally flush every logfile line to disk.
• new switch to specify the location of the mime.types file.
• byte range bug fixes.
• switch for the hostname has been changed ('-s' => '-n').
• optional log errors to the syslog (switch '-s').
• added sample start/stop script for RedHat.

• FreeBSD port (Charles Randall [email protected])
• minor tweaks and spelling fixes.

• last-modified headers (and 304 responses) for directory listings.
• new switch: -f index.html (or whatever you want to use for directory indices)
• killed the access() system calls in the ls() function.
• added cache for user/group names.
• wrote a manual page.

• multipart/byteranges improved: You'll get a correct Content-length: header for the whole thing, and we can handle keep-alive on these requests now.
• bugfix: catch accept() failures.
• bugfix: quote the path in 302 redirect responses.
• accept absolute URLs ("GET http://host/path HTTP/1.1")
• fixed handling of conditional GET requests (hope it is RFC-Compilant now...).
• bugfix: '+' must be quoted using %xx.

• added URL quoting.
• root can set uid/gid now.
• webfs ditches any setuid/setgid priviliges after binding to the TCP port by setting effective to real uid/gid. It should be safe to install webfsd suid root to allow users to use ports below 1024 (and only this of course). If anyone finds a flaw in this code drop me a note.
• more verbose directory listing.
• added logging. It does the usual logfile reopen on SIGHUP.

• first public release.

Have fun, Gerd

-- Gerd Knorr [email protected]