Lil' HTTP v2.2 Documentation

© 2001 Summit Computer Networks




Table Of Contents:

What's New?GO
Getting StartedGO
DirectoriesGO
SettingsGO
SecurityGO
UsersGO
LoggingGO
Other InfoGO
LicenseGO















What's New?:


        Lil' HTTP Server Version 2.2 is the 4th release of the Lil' HTTP Server.  This version is a minor maintenance release which fixed some known security issues with this server.  Also the Close status for the connection is properly reported back to the client.

        Lil' HTTP Server Version 2.1 is the 3rd release of the Lil' HTTP Server.  This version added user configurable 404 & 401 Error Message pages.  Also new in this version is the ability to have the content-type information pulled from the system registry.  If the content-type for a specific type is not in the registry, Lil' HTTP will default back to its internal type for that specific entry.  Lil' HTTP v2.1 can also run multiple copies on the same computer as long as each copy is installed in its own directory and is on a different port or IP address.

        Lil' HTTP Server Version 2.0 was the 2nd release of the Lil' HTTP Server.  This version added several new features such as Enhanced Security, the ability to add multiple users and assign what directories they have access to...   Also added in 2.0 was the Logging Feature.  Now you can track hits on the server and have them written to a log file for each day.   Multiple Secured directories are also now supported as well as the ability to have spaces in normal (Non-Secured) directory names.   Lil' HTTP's code has been completely gone over and refined in many areas, so performance has been increased as well.

        Lil' HTTP Server Version 1.0 was the initial release of Lil' HTTP Server.



Getting Started:


        In order to run Lil' HTTP Server you will need to have TCP/IP installed on the computer to which you are installing.  If you are using a dial-up connection with dynamic addressing, you will have to either run WINIPCFG.EXE and get the IP Address there, or just use the loop-back address of 127.0.0.1 since PPP addresses will not be auto-detected by the server.  If you have a network adapter installed with TCP/IP on it, you can have the server auto-detect the address by entering a 0 (zero) into the address field, and then starting the server.  It will use the IP address that it finds in that case, and update the field accordingly.  The default IP address used is the loop-back address of 127.0.0.1 which you can reference by entering in the address http://localhost/ in your browsers address bar.  The programs default install directory is C:\LilHTTP with the web root, and CGI root beneath that directory.  Once you have installed the server go to the Start menu and open the program "Lil HTTP Server" and you will see the following screen;


        This is the first screen you will see when you launch the program.  If you are upgrading from Lil' HTTP v1.0 you will have to re-enter the information for this version.  Version 1.0 stored all of its values in the registry, and version 2.x stores its data in several disk files located in the LilHTTP main directory.  First notice the 5 buttons on the right hand side of the box.  These buttons work as follows starting from the top right most button and going from right to left:

Minimize — Minimize the program down to the Tray.

Exit — Completely shutdown server.

Info — Display the About Program Dialog Box.

Start — Start Servicing Web Requests.

Stop — Stop Servicing Web Requests.


There is also the "Current Connects" indicator on the upper left.  This will show the current number of active connections open on the server.  Note that some clients open more than 1 connection at a time to transfer web data.

The "Tab Control" on the left hand side of the dialog box has the following fields in it for the current tab position:

Web Server Root — This is the root directory for the server.  Anything above this directory cannot be accessed directly by the server (with the exception of the #include= SSI command).  Only directories below this are visible to the server.

CGI Directory — This is the ONLY directory that Win32 CGI's can be run from!   CGI's placed in any other directory will be transferred to the client rather than executed on the server.   Lil HTTP will only execute Win32 CGI's.  These CGI's are actually Windows 32-bit programs with either the extension .CGI or .EXE.   PERL type CGI's cannot be executed on Lil' HTTP at this time.  CGI's will also have a relative URL from the root directory NOT from a cgi-bin directory.  In other words if a CGI located in the CGI-BIN directory is referenced as www.yourdomain.com/xyz.cgi   Notice that the CGI file name goes directly at the end of the server's domain name as if it were located in the root directory.   This is how Lil' HTTP references CGI's for security reasons.

Startup File Name — This is the name of the default file for when no file name is given.  Common names are default.htm, index.htm, or index.html.


The Next tab we will discuss is the "Settings" tab pictured below.



        The the "Settings" tab has four fields and 2 check box's on it.   These are also very simple and self-explanatory.   The first field on this screen is the "Max Connects" entry.  This entry can be any value from 50 to 1000.  This is not the number of users that it will allow max.  HTTP is different than other types of services in that a browser will open multiple connections to get the different components that make up a web page.  For example, if you had a page with a back ground image, and 3 or 4 other pictures, the browser would open a connection first of all for the actual .html text file, and another connection for the back ground image, and additional connections for each other part of the web page.   Lil HTTP supports "persistent" connections if the client requests such a connection.   Even though a client my request a persistent connection the client may open more than 1 connection.   If you have a page with frames and lots of pictures many connections could be opened all at once just for this one user.  These connections are also closed immediately after they send whatever it is that they are sending to the client unless the client requests a persistent connection.  If this is the case the client will close the un-used connections after a certain amount of time goes by without using them.  The server will also close un-used connections after a period of 5 minutes of dead time.  So while a user is just sitting there reading a web page, he/she is probably not using any connections at all at this point.   So a good number to have this set to is around 500 or so for an average server.  If it starts getting pounded you can up the value to a higher number.  The Connections display in the upper right hand corner will auto-update every few seconds to show the current number of open connections.

        The check box labeled REG content-type will enable/disable the use of the registry settings for obtaining content-type for a specific file extension.  If the box is checked it will use the system registry to determine the content-type.  If the content-type for an extension is not defined in the registry then Lil' HTTP will default to its original internal value for that specific extension.  If this check box is left unchecked, Lil' HTTP will use it's own values for content-types as it did in previous versions.

        The next thing to talk about on this screen is the enable SSI checkbox.  This will enable or disable the processing of Server Side Includes (Talked about later) by the server.

        The next setting is the "Default Port".  This is the port that the server will listen on in order to establish HTTP services.  Port 80 is the default for the World Wide Web.  If you choose an alternate port you will have to include the port in the URL.  Otherwise if there is no port specified in the URL the browser assumes port 80.  A port would be included in a URL with a : separating the address and the port.  An example would be; www.xyz.com/mypage.html:400  This would tell the browser to use port 400 instead of 80 for the URL.

        The next setting is the "Server IP Address" field.  This is where you will tell the server which IP address it is to use.  Most machines only have 1 address, but some might have more than 1 adapter, so you will have to choose which one to use.  By entering a 0 (zero) into this field then clicking the start button, the server will auto-detect the address if it is able.  Otherwise it will use the default address of 127.0.0.1.

        The last field on this screen is the "Server Name" field.  This is where you will put in the name of your web server.  It can be anything that you want.  It doesn't have to be the www address, but it can be if you want it to.



        The next tab to discuss is the "Security" tab.  The security used by this server is very light.  It uses the RFC 2617 (HTTP Authentication: Basic and Digest Access Authentication) Basic method.  Virtually every web browser made supports this method.  The basic method doesn't use any kind of encryption so it isn't something that you would want to use to guard very sensitive data.  The security is provided to keep most people out of certain areas of your web server.  Since the passwords aren't encrypted it is highly recommended to use a password that is unique to this server.  Don't use one that you use everywhere else because a productive hacker could obtain the password if he's around when you type it in.  Now the would-be hacker of course would have to be in your data path between you and the server, but it is best to play it safe.

        If security is enabled (security is enabled by having at least on directory name specified in the list) and a user requests a page that is located in one of the secure directories, he will be prompted for a user name and password.  This user name/password combination will be pulled from the "users" tab settings for the particular user.  The password must match the exact one set for the user name.  The password is case sensitive.  So if you use upper and lower case letters, they must match exactly in order to be accepted.  User Names are also case sensitive (discussed in the next section).

        To Add a directory is really very simple, click the "Add" button and type in the name for the directory that you wish to implement security in.  You are responsible for creating the directory on the server.  The directory will be placed directly under the web root directory.



        Users Accounts are required in order to take advantage of the Secured Directories mentioned in the last section.  This is where you will add, edit, and delete the user accounts.  This screen is really very simple, double click a name in the list to edit it, or use the buttons at the bottom of the list.  Once you click on the "Add" or "Edit" buttons you will see a screen like the one below:



        The User Editor has the following part to it:
Login Name — This is the user's login name.  This name is Case sensitive.

Password — This is the password that accompanies the user name.  The password is also case sensitive.

Account Expiration — If this box is checked, then the date beside it will be the date that this account will no longer be useable on.  You can click on the little down arrow for a calendar window or you can highlight any portion of the date and use the arrow keys to update it.

Directories Lists — There are 2 lists of directories.  The one on the left hand side is the directories that this user has access to, and the one on the right hand side is a list of available directories.  The user must have at least 1 directory that he is allowed access to, or the account will not work.  You can move the directory names from one box to another by either double clicking on a name to move it to the other box or by highlighting a name then clicking on one of the buttons below.

All button — This button will add "ALL" of the available directories to the users Allowed list.

Clear button — This button will "CLEAR" the users allowed list, so that no directories are in it.

Add button — This button will add the currently highlighted item from the Available Items List to the Users Allowed List.

Del button — This button will delete the currently highlighted item from the users allowed list and return it to the available list.

Quit button — This button will abandon any changes and quit the user editor.

Save button — This button will save all changes and then exit the user editor.



        The last tab to talk about is the "Logging" tab.  This screen is shown below:



        Lil' HTTP Server can do 2 different types of logging.  The first type is text/html only, and the second type is all files.  The Text/Html only mode will only show text based documents.  It won't show all of the images, backgrounds etc that go with it.  The second type of logging will log ALL file types.   This will show all images, binaries, etc...  This mode will make a little bigger log file and tie up the server a little more.  The log files contain the Time, and date of the hit.  The requesting IP address, the requesting browser type, the referring URL, the file requested, and various other tid-bits.

        Log Files are stored by the day in the log file directory as specified. The log files are .html files and their name is the date in the following format: yyyymmdd.html, so the log file for July 8, 2001 will have the file name 20010708.html.  The default setting is to place these log files in a directory under the web servers root directory so that they may be viewed via the web by typing in the appropriate URL.  In the example above the log file directory is in a directory called LOGS off of the web server root.   To access this directory with the host name "localhost" you would type the following URL into your browser: http://localhost/logs/20010708.html  this would let you view the July 08, 2001 log file with your browser.



Command Line Switches:



        Lil' HTTP Server will recognize the following command line parameters. /R — Force Server to Run, and /M — Minimize to Tray on load.   These command line switches are implemented on the "Lil HTTP Server (For Startup Group)" Icon in the Lil HTTP Server Group. This shortcut can be placed in the Startup group to have Lil' HTTP load when windows starts up.



Customizing 404 & 401 Error Messages:



        Lil' HTTP will display its own internal HTTP 404 and HTTP 401 Error messages unless you create either of the two files called lilhttp.404 or lilhttp.401.  If either of these files are present (or both) in the "Web Server Root Directory" Lil' HTTP will instead display the contents of these files instead of the internal messages.  It is not reccommended to use background images or other dependancy files in either of these 2 files.  The 404 Error will show background images on most clients, but the 401 message will not show these images if they are present in the HTML file.  NOTE: Microsoft Internet Explorer will show it's own 404 Error page if your file is 512 bytes or smaller!!! (how dare they!)   So when making lilhttp.404 file make sure that its size is at least 513 bytes or larger.



SSI & CGI:



        SSI (Server Side Includes) is a special way of putting commands to the server within a comments section of an .html document.   Lil' HTTP server only supports 3 SSI commands at this time.   They are the #exec cgi command, the #include command and the #debug command.  CGI's are files that can add a lot to your web pages and can do many things.  The CGI (Common Gateway Interface) scripts used by Lil' HTTP are executable files that do some task and then return info to the web server.  Any executable file that can get input from the standard input device and direct output back to the standard output device can be used for CGI.  A CGI file can end in one of several extensions, CGI, EXE, COM, BAS, or BAT.  As long as the operating system can execute it, it can be used with the server.  Don't think that any old EXE or COM or any other extension can just be used as a CGI script.  These programs have to be specifically set up to output HTML code and to parse any input that a web server might give to it.  The CGI's included with this server all end in the CGI extension and are 32-bit windows executables.  A CGI file can be executed either by calling it in an a href= tag, by typing it in directly on the address location (URL), or by embedding it via SSI.  Embedded CGI's only output some simple text and that text becomes part of an .html file that called the CGI script.  To run embedded CGI, you must have the "Enable SSI" box on the "Settings" tab checked.  This tells Lil' HTTP to scan the comment lines of the HTML code for special instructions.   This instruction would look like this

<!-- #exec cgi="mycgiscript.cgi" -->


The #exec cgi command has the name of the CGI file inside of quotes right after it.  The server will then look for this CGI file in the CGI directory execute it with any parameters specified, and replace the comment text with the output from the CGI file.  See the CGIDEMO.HTML file that was included with the server for some examples of this.  Make sure that you open the file with a text editor, and not a web browser or you won't see the #exec cgi commands.  The server will have already replaced them with regular text.

        The #include statement works much like the #exec cgi command.  The #include will read the contents of ANY text file available to the server and imbed it into the existing html file.  The server will do a few fix-ups like replacing hard returns with <br> tags.  The included file does not have to be in the servers root directory since an include file can come from anywhere on the system (BE CAREFUL!).   a sample to include the contents of the AUTOEXEC.BAT file is shown below:

<!-- #include="C:\AUTOEXEC.BAT" -->


        The #debug SSI command will cause the server to dump all of the information that the client has sent along with its request as well as a few other bits of information.  To see this all you would need to do is make an html file with nothing but the debug SSI tag in it, on a line by itself.  See the included debug.html file in the SECURE directory.

<!-- #debug -->


        These are presently the only SSI commands supported by the server.

        Next we will talk about each of the .CGI programs that came with this package.  There are 4 such CGI's and they are each described below.

Datetime.cgi — © 2001 Summit Computer Networks.  This CGI file will show date and time information in a variety of ways to help liven up your web pages.  Run the file datetime.html for a demo of each of these functions.  The file cgidemo.html also calls this program.

Counter.cgi — © 1998, 99 PowerBASIC Inc., Modified by unknown person to add graphical display.  Counter accepts 2 parameters:  counter.cgi?CounterName,ImageDir where the Counter Name is a unique name to give to each page that calls the counter.  The image directory is the directory containing the image files for the graphical display.  These images are .gif files numbered 0 through 9.  If the parameter TEXTONLY is passed as the image directory name, the counter will simply output the text version of the number instead of the image names.  The file cgidemo.html shows an example of this CGI program in use.

PBCgi.cgi — © 1998, 99 PowerBASIC Inc., This program will help you debug forms when you are creating them.  It will show all of the form data passed from an .html form.  See the file cgitest.html for an example of how this works.

Urlcount.cgi — © 1998, 99 PowerBASIC Inc., Modified by Summit Computer Networks.  This is a neat little CGI that will count how many times a link (a href) URL is clicked on.  It can also give reports on all of the collected data.  See the file urlcount.html for a demonstration of this CGI.

The above CGI programs were all written with PowerBASIC's Console Compiler v2.0.  The source code for the PowerBASIC scripts is available with this compiler or it may also be obtained on the PowerBASIC web site at www.powerbasic.com/files/pub/pbwin in a zipfile called CCSAMP20.ZIP.  Lil' HTTP Server was written with PowerBASIC's DLL Compiler v6.0. Both of these products are available at www.powerbasic.com and come highly reccommended by me.  *Summit Computer Networks & Consulting is in no way affiliated with PowerBASIC Inc..  The opinions expressed here are my own, and nothing more.

License Agreement:



        Lil' HTTP Server is distributed "AS IS" as Freeware.  Use of this program is entirely at your own risk.  The author(s) cannot be held liable for any delays, damages, or problems caused in your organization by the use of this program.  Lil' HTTP Server is Copyrighted © 2001 by Summit Computer Networks & Consulting.  You may use this program as much as you want for free!  Feel free to make copies and share them with your friends.  All copies must be distributed in their original (unmodified) fashion.  By installing this software you agree to these terms!

Visit our website at http://www.summitcn.com E-mail info@summitcn.com.