Stepan Roh
Version 0.3.1
Document revision 1.2 (2009/05/17)
Motto: 's' as stupid.
shttpd is intended mainly for personal use. Even ordinary user can run it even though
he must use port numbers greater than 1024. It supports reasonable subset of
HTTP/1.0 and HTTP/1.1 (no virtual servers, conditional GET or persistent
connections). Can handle only static pages, no dynamics (SSI, PHP and so
on). From this results that it can handle only methods GET, HEAD, OPTIONS
and TRACE. It does not support modules.
For its run it needs a configuration file. By default it is shttpd.cfg in
current directory, but name can be changed by parameter -f (see shttpd -?).
Server run ends by Ctrl-C (if it is run on foreground) or by sending one of
signals SIGINT, SIGHUP, SIGTERM.
Without threads support (can be found out with shttpd -?) it can handle only
one request at a time. If threads are compiled-in then threads are created
as long as all requests are handled or number of running threads reaches
given limit.
Comments are preceded by character '#'. Configuration file consists of lines
in the format <variable_name> <value>. String values are written in
quotation marks - may contain sequences starting with '\' ('"' for quotation
mark, '\' for backslash, 'n' for newline, 't' for tabulator, 'r' for
carriage return alias CR).
Usable variables:
- min_threads
- number of threads which exists during whole server run (valid only if threads support is compiled-in); default: 4
- max_threads
- max number of threads (if threads support is not compiled-in than it defines max number of waiting requests); default: 16
- port
- TCP/IP port where server listens to requests (standard HTTP port is 80); default: 8080
- access_log
- name of the file where connections information is stored - it has lines in the format: "[date and time] address from "first line of request" status code length of transferred data" If it is set to '-' there will be no access logging; default: "access_log.shttpd"
- error_log
- name of the file where server messages are stored - both normal and error. If it is set to '-' there will be no logging; default: "error_log.shttpd"
- log_level
- lowest log level for messages written to error log. Possible values are (from lowest to highest): LOG_LEVEL_INFO, LOG_LEVEL_WARN, LOG_LEVEL_ERR, LOG_LEVEL_SYS, LOG_LEVEL_MAX (nothing will be written); default: LOG_LEVEL_INFO
- error_log_stderr
- 1 if everything written to error log should be written to stderr (standard error output) too - 0 otherwise; default: 1
- doc_root
- directory with to be shown documents. Must end with character '/'; default: "html/"
- remote_names
- 1 if name address is stored into access log - 0 for numeric address (translation from numeric to named can take some time); default: 1
- status_page
- has more complicated format <status code> <string> which assigns HTML response to some status code (e.g. 404 which is Not Found). If string is set to '-' without quotes only HTTP header Status and empty body are sent. First sequence '%s' in the string is replaced by name of the document which triggered the error; default: all errors generated by the server are defined (those are 301, 400, 403, 404, 405, 505).
- index_file
- what file should be taken if directory is requested; default: "index.html"
- media_type
- media (MIME) type which should be returned in the response if type of sent data can not be determined; default: "text/plain"
- media_config
- name of the file with media (MIME) type definitions. If set to '-' no file is read. File has lines in the format: "media (MIME) type [extension1 extension2 ...]" and comment lines beginning with '#'. Extensions are without leading dot. Types of sent files are determined by looking up their extensions in this file; default: "mime.types"
Changes from version 0.3 to version 0.3.1 (2009/17/05)
- SECURITY FIX: prevent arbitrary directory traversal
Changes from version 0.2 to version 0.3 (2000/10/03)
- data are sent in blocks
- length of transferred data is stored in access_logu
- SIGPIPE is ignored which previously terminated server if connection was terminated by client, but data were still transferred
- sequence CR LF is sent as end of line (according to RFC 2068)
- documentation in the aft format
Changes from version 0.1 (2000/01/05) to version 0.2 (2000/02/25)
- configure added
- finished 301 Moved Permanently code generation
- bug fixes
- IRIX 6.5: IP address written to log is wrong - maybe wrong system implementation of the function inet_ntoa()
- IRIX 6.5: "Segmentation fault" on exit of the server compiled with threads and without debugging information
- Handling of conditional GET (generation of code 304).
- Generation of Expires header.
- Generation of Last-Modified header.
- Generation of server status page.
- Better usage of temporary threads.
- Dynamic size of input buffers.
- Persistent connections.
- Virtual servers.
- Dynamic pages and modules.
Stepan Roh <src@post.cz>
This document was generated using AFT v5.096