httpd - the NAT32 HTTP daemonSYNOPSIS
start httpd [port]DESCRIPTION
hstat [local | private | public | acl | dx | lx]
proxy [on|off] | [hostname:port] | [username password]
The HTTP daemon listens for incoming HTTP GET requests at the port number specified in argument port. If no port number is specified, the default port 8080 is used. Because HTTPD communicates via Winsock, the daemon listens at the Windows IP addresses, not the NAT32 IP addresses. Any desired web browser can be used to access files in NAT32's htm directory. Access to any other directory is not possible.NOTES
Command execution (Active Content) is supported via GET requests of the following formats:GET /shell?cmd=command+arg1+arg2+... http/1.1 GET /tcl?cmd=command+arg1+arg2+..... http/1.1 GET /java?cmd=command+arg1+arg2+.... http/1.1 GET http://......................... http/1.1 GET /file?name=value................ http/1.1 GET /filename....................... http/1.1
POST requests are also supported.
Note that the Active Content feature only works for pages loaded from the NAT32 HTTP daemon. Numerous code samples can be found in the htm directory of your NAT32 installation.
Note that proxy behaviour requires the httpd_proxy variable to be TRUE (the default is FALSE).
A sample Java class explorer.class is available. It allows NAT32 shell commands to be issued from a window within Internet Explorer. The class may work with other browsers, depending on the degree of compatibility of the installed Java VM.
The HTTP daemon has the following access modes:SEE ALSO0 local Access from localhost only (default). 1 private Access from private addresses only. 3 public Access from all addresses. 7 acl Access from addresses in the Access Control List only.
Localhost (127.0.0.1) always has access.
If password checking is on, the user is prompted for a username and password the first time a browser instance requests access. The username is the name of the Windows account under which NAT32 is running, the password is as specified via the password command. Both values are case-sensitive.
Be sure to turn password checking on if the public access mode is selected. This is because in public mode, Internet port scanners will discover your HTTPD within minutes of going online, and external sites may then try to use its proxy feature to generate fake advertising clicks and similar. Password checking effectively prevents this.
The HTTP daemon is started with the following command in file startup:start httpd port
If you already have an HTTP server running under Windows on the NAT32 machine, a different port number must be specified in argument port.
To stop the daemon, enter the command:kill HTTPD
The hstat and agent commands can be used to interact with the daemon as follows:hstat dx // Debug level x (0 = off) hstat lx // Log level x (0 = off) hstat local | private | public | acl agent "str" // Agent string
HTTPD status values are:Command hstat acl grants access to only those hosts with an IP address listed in file httpd.acl. The command reads that file and updates the server's internal access address list. Partial IP addresses (e.g. 192.168) are allowed.0 down // No HTTPD is running. 1 idle // No connections are currently being processed. 3 busy // One or more connections are currently being processed.
The HTTPD can act as a Web Proxy that fetches all content on behalf of a client via one of the httpget commands. This effectively blocks information leakage via cookies, referrer strings and tracking URLs. In addition, redirection to HTTPS sites is intercepted and the user queried for permission to proceed. Clients can be auto-configured to use the HTTPD proxy via the wpad protocol.
The proxy command can be used to set the proxy parameters that the httpget command will use.
The User-Agent string can be set via the agent "str" command, where str denotes the actual User-Agent string to be used. Be sure to include the string in double-quotes if it contains spaces.
The NAT32 HTTPD supports the WebSocket Protocol as specified in RFC 6455. The protocol allows web clients to establish a persistent TCP connection to a Web Server in order to send and receive text or binary data for almost any purpose. Please see the ws command for more details. An interesting side-effect of the NAT32 ad-blocking feature is that unwanted traffic is redirected to the NAT32 honeypot, which serves file nofile.htm is served and the offending URL is revealed.
httpget, Password Checking, setns, sh, tcl, Web Interface, wpad, wproxy, WebSockets