Reference Manual

NAME

httpd - the NAT32 HTTP daemon

start httpd [port]
hstat [local | private | public | acl | dx | lx]
proxy [on|off] | [hostname:port] | [username password]
agent ["str"]

The HTTP daemon listens for incoming HTTP GET requests at the port number specified in argument port. If no port number is specified, the default port 8080 is used. Because HTTPD communicates via Winsock, the daemon listens at the Windows IP addresses, not the NAT32 IP addresses. Any standard Web Browser can be used to access files in NAT32's htm directory. Access to any other directory is not possible.

Command execution (Active Content) is supported via GET requests of the following formats:

GET /shell?cmd=command+arg1+arg2+... http/1.1
GET /tcl?cmd=command+arg1+arg2+..... http/1.1
GET /java?cmd=command+arg1+arg2+.... http/1.1
GET http://......................... http/1.1
GET /file?name=value................ http/1.1
GET /filename....................... http/1.1

Note that the Active Content feature only works for pages loaded from the NAT32 HTTP daemon. Numerous code samples can be found in the htm directory of your NAT32 installation.

A sample Java class explorer.class is available. It allows NAT32 shell commands to be issued from a window within Internet Explorer. The class may work with other browsers, depending on the degree of compatibility of the installed Java VM.

The HTTP daemon has the following access modes:

0 local       Access from localhost only (default).
1 private     Access from private addresses only.
3 public      Access from all addresses.
7 acl         Access from addresses in the Access Control List only.

Localhost (127.0.0.1) always has access.

If password checking is on, the user is prompted for a username and password the first time a browser instance requests access. The username is the name of the Windows account under which NAT32 is running, the password is your NAT32 password. Both values are case-sensitive.

Be sure to turn password checking on if the public access mode is selected. This is because in public mode, Internet port scanners will find your HTTPD within minutes of going online, and external sites will then try to use its proxy feature to generate fake advertising clicks and similar. Password checking effectively prevents this.

The HTTP daemon is started with the following command in file startup:

start httpd port

If you already have an HTTP server running under Windows on the NAT32 machine, a different port number must be specified in argument port.

To stop the daemon, enter the command:

kill HTTPD

The hstat and agent commands can be used to interact with the daemon as follows:

hstat dx            // Debug level x (0 = off)
hstat lx            // Log   level x (0 = off)
hstat local | private | public | acl

agent "str"         // Agent string

HTTPD status values are:

0 down        // No HTTPD is running.
1 idle        // No connections are currently being processed.
3 busy        // One or more connections are currently being processed.

Command hstat acl grants access to only those hosts with an IP address listed in file httpd.acl. The command reads that file and updates the server's internal access address list. Partial IP addresses (e.g. 192.168) are allowed.

The HTTPD can act as a Web Proxy and fetches all content on behalf of a client via the httpget command. This effectively blocks information leakage caused by cookies and referrer strings. The proxy command can be used to set the proxy parameters that the httpget command will use.

The User-Agent string can be set via the agent "str" command, where str denotes the actual User-Agent string to be used. Be sure to include the string in double-quotes if it contains spaces.

The file nat32.js contains several NAT32 variables and functions for use in Javascript web pages. The file is created with command: jsf executed at startup. The jsf command can be issued at any time to update file nat32.js. The file mynat32.htm is also generated by command jsf, and it contains a URL with the correct port number for the HTTPD.

An interesting side-effect of the NAT32 ad-blocking feature (see setns) is that unwanted traffic is redirected to 127.0.0.1:80, and if the NAT32 HTTPD is listening at that port, the file nopage.htm is served and the offending URL revealed.

httpget, Password Checking, setns, sh, tcl, Web Interface