|
|
c85df7cd26
|
Make the improvement consistent with password verification function
|
2024-03-17 10:20:00 +01:00 |
|
|
|
32a92804fa
|
Improve protection against user enumeration
|
2024-03-17 10:17:53 +01:00 |
|
|
|
184060fb79
|
Modified HTTP authentication functionality
|
2024-03-17 10:00:01 +01:00 |
|
|
|
7857e0e2fa
|
Optimize non-standard code functionality
|
2024-03-17 09:30:26 +01:00 |
|
|
|
3493aa4d2d
|
Remove <nocode> (non-standard) tags for bad (broken) directory listing entries
|
2024-03-17 00:59:53 +01:00 |
|
|
|
f1c74cb036
|
Optimized bad (broken) entry generation in directory listing
|
2024-03-17 00:57:47 +01:00 |
|
|
|
c44c796253
|
Optimized some request parameter logging
|
2024-03-17 00:54:47 +01:00 |
|
|
|
db621d9a88
|
Add more use of status code names in http.STATUS_CODES
|
2024-03-17 00:51:34 +01:00 |
|
|
|
4a09b14ff2
|
Change log message for client being in block list
|
2024-03-17 00:48:21 +01:00 |
|
|
|
ba21f655a4
|
Replaced client in the block list error message with generic 403 Forbidden error message
|
2024-03-17 00:46:32 +01:00 |
|
|
|
28244bf2c5
|
Replace some instances of "blacklist" (racist?) with "block list"
|
2024-03-17 00:39:21 +01:00 |
|
|
|
37f3d1d2af
|
Changed CVE-2024-22019 warning text
|
2024-03-17 00:35:44 +01:00 |
|
|
|
e638c5dc1a
|
Added CVE-2024-22019 Node.JS vulnerability warning.
|
2024-03-13 03:00:56 +01:00 |
|
|
|
1e165dcc58
|
Fix wwwredirect function
|
2024-03-09 16:32:01 +01:00 |
|
|
|
52e729f51d
|
Optimize HTTP/1.x compatiblity res.writeHead function
|
2024-03-09 16:10:41 +01:00 |
|
|
|
0e44109776
|
Change error handler for missing HTTP/2 pseudoheaders
|
2024-03-09 16:08:46 +01:00 |
|
|
|
7b0038754e
|
Optimize HTTP/1.x compatibility header setting
|
2024-03-09 16:00:19 +01:00 |
|
|
|
6c8873ce3f
|
Fix comparison optimized in the previous commit
|
2024-03-09 15:57:56 +01:00 |
|
|
|
4a24b9d892
|
Be case insensitive in header name exclusion in shimmed HTTP/1.x res.writeHead method
|
2024-03-09 15:57:30 +01:00 |
|
|
|
70444f3b48
|
Optimize missing header check
|
2024-03-09 15:50:36 +01:00 |
|
|
|
9f8b0f4fe3
|
Remove try/catch block in HTTP/1.x compatibility shim; errors there are non-existent
|
2024-03-09 15:48:23 +01:00 |
|
|
|
8ac546ff67
|
Be case insensitive in header name exclusion in shimmed HTTP/1.x res.setHeader method
|
2024-03-09 15:45:31 +01:00 |
|
|
|
9017b732cc
|
Clean up the code.
|
2024-03-03 02:05:14 +01:00 |
|
|
|
c20aa3d7bc
|
Completely rewrite HTTP to HTTPS redirect functionality
|
2024-03-03 00:01:17 +01:00 |
|
|
|
067d177321
|
Optimized some regular expressions
|
2024-03-02 22:57:27 +01:00 |
|
|
|
3a966d342a
|
Added option to allow URLs with double slashes
|
2024-03-02 22:54:03 +01:00 |
|
|
|
47803c217b
|
Fix URL rewriter always remove double slashes
|
2024-03-02 22:45:27 +01:00 |
|
|
|
cbbe4c9bc5
|
Fix errors with web root postfix adding functionality
|
2024-03-02 22:41:26 +01:00 |
|
|
|
0f0c1b22ab
|
Prepare web root postfix adding functionality for double slash URL support
|
2024-03-02 22:21:49 +01:00 |
|
|
|
d633707ea5
|
Prevent redirect loops with fallback replacement
|
2024-03-02 22:11:50 +01:00 |
|
|
|
2f232614a2
|
Fix URL rewriting on URLs with double slashes
|
2024-03-02 22:02:24 +01:00 |
|
|
|
28d633884e
|
Prepare for double slash URL support
|
2024-03-02 21:54:07 +01:00 |
|
|
|
bd5ab63954
|
Change lookahead token order in two URL sanitation regular expressions
|
2024-02-28 21:45:47 +01:00 |
|
|
|
ae630a1625
|
URL sanitizer function now uses less regular expression replacements.
|
2024-02-28 21:43:43 +01:00 |
|
|
|
b829414f4c
|
Fixed bug with URLs beginning with multiple slashes being rewritten incorrectly.
|
2024-02-11 21:26:26 +01:00 |
|
|
|
2589eff15f
|
Added new SVR.JS mod and server-side JavaScript variable: authUser.
|
2024-02-07 00:35:00 +01:00 |
|
|
|
9f15a08378
|
Add some code comments
|
2024-02-02 19:49:30 +01:00 |
|
|
|
d85dedea65
|
Clean up the code.
|
2024-02-02 19:32:40 +01:00 |
|
|
|
88e923ffbc
|
Fixed SVR.JS crashes with X-SVR-JS-From-Main-Thread header and unspecified client request IPs
|
2024-02-02 19:23:45 +01:00 |
|
|
|
4d69f6f1a7
|
Add IP-based virtual hosts alongside hostname-based virtual hosts
|
2024-02-02 19:08:49 +01:00 |
|
|
|
ea228114e1
|
Head and foot inclusion is now returning 500 error in case of server error instead of server crash.
|
2024-01-24 19:48:50 +00:00 |
|
|
|
e172c2c005
|
Fix web root postfix prefix support
|
2024-01-24 19:06:00 +00:00 |
|
|
|
e29d1aa3aa
|
Fix syntax error from previous commit.
|
2024-01-24 18:53:29 +00:00 |
|
|
|
5fdbc898d0
|
Add support for web root postfix prefixes.
|
2024-01-24 18:52:05 +00:00 |
|
|
|
6abe280ee8
|
Add support for web root postfixes (for every host)
|
2024-01-23 07:00:23 +01:00 |
|
|
|
6a9afcbc26
|
Add support for useClientCertificate, rejectUnauthorizedClientCertificates, cipherSuite, ecdhCurve, tlsMinVersion, tlsMaxVersion, signatureAlgorithms and http2Settings config.json properties.
|
2024-01-22 23:21:01 +01:00 |
|
|
|
1a2019664a
|
Fixed error handling for invalid URL rewrite regexes. Also fixed bug with HTTP proxy not working.
|
2024-01-18 01:12:09 +01:00 |
|
|
|
60a84d879d
|
Clean up the code (remove trailing spaces)
|
2024-01-14 19:01:49 +01:00 |
|
|
|
db6c4faeaf
|
Mitigate log file injection vulnerability at mod file names.
|
2024-01-14 19:00:27 +01:00 |
|
|
|
e1e9338806
|
SVR.JS no longer crashes, when access to a log file is denied.
|
2024-01-14 09:00:08 +01:00 |
|
|
|
e11dd8d5b5
|
Mitigated log file injection for HTTP authentication
|
2024-01-14 08:41:11 +01:00 |
|
|
|
55dfa0ad1e
|
Fixed typo that caused 500 error with 308 code redirects
|
2024-01-13 10:25:42 +01:00 |
|
|
|
9569c7b7fd
|
Added support for 307 and 308 redirects (both in config.json and in redirect() SVR.JS API method)
|
2024-01-13 08:36:00 +01:00 |
|
|
|
03556813ec
|
Reformatted the source code
|
2024-01-13 08:25:38 +01:00 |
|
|
|
1123f40961
|
Cleaned up the code
|
2024-01-13 08:09:32 +01:00 |
|
|
|
4179e4020c
|
Dropped support for svrmodpack; SVR.JS LTS versions will still have svrmodpack support.
|
2024-01-13 08:01:05 +01:00 |
|
|
|
7e73cb68d3
|
Added support for skipping URL rewriting, when the URL refers to a file or a directory.
|
2024-01-13 07:53:16 +01:00 |
|
|
|
d942342106
|
Changed rewriteURL method to use callbacks.
|
2024-01-13 07:34:28 +01:00 |
|
|
|
7a6661b895
|
Fix searchHostname function
|
2023-12-30 23:43:07 +01:00 |
|
|
|
b0ed92d8ac
|
Removed all remnants of "DorianTech" in SVR.JS
|
2023-12-24 19:17:34 +01:00 |
|
|
|
7be1c2a73b
|
Fixed host name rewriting
|
2023-12-16 08:59:49 +01:00 |
|
|
|
949e799d45
|
Improved SNI and host header processing
|
2023-12-15 23:28:06 +01:00 |
|
|
|
e68118ecbc
|
Improve on new SNI-related changes
|
2023-12-15 00:50:33 +01:00 |
|
|
|
aac6323401
|
Add Host header processing
|
2023-12-15 00:15:54 +01:00 |
|
|
|
63f8e98add
|
SVR.JS now refuses to start with misconfigured SNI in order to prevent ReDoS vulnerabilities.
|
2023-12-15 00:05:22 +01:00 |
|
|
|
179ebf6a7f
|
Changed secure context regex generation
|
2023-12-14 23:45:50 +01:00 |
|
|
|
355d20a2c1
|
Optimized some anti-XSS measures
|
2023-12-12 23:22:06 +01:00 |
|
|
|
2faf1e9c61
|
Mitigated even more XSS vulnerabilities.
|
2023-12-12 23:19:29 +01:00 |
|
|
|
8bad3f918c
|
Fixed multiple XSS vulnerabilities
|
2023-12-12 23:09:39 +01:00 |
|
|
|
5950d326fe
|
Clean up res.writeHead wraooer code
|
2023-12-12 22:37:23 +01:00 |
|
|
|
5902dd52fc
|
Added client errors, server errors, and malformed HTTP request counts to SVR.JS status page.
|
2023-12-12 22:29:27 +01:00 |
|
|
|
2fb4c52777
|
Make status page code more readable.
|
2023-12-12 22:19:51 +01:00 |
|
|
|
953c95f485
|
Fixes bug in the sizify function
|
2023-12-07 09:56:09 +01:00 |
|
|
|
ab69abf2da
|
Fixed bug with URL rewriting and trailing slash redirection
|
2023-12-03 16:18:21 +01:00 |
|
|
|
2cab4349f9
|
Minor code style corrections
|
2023-12-03 14:04:38 +01:00 |
|
|
|
7229661c8e
|
Replace all instances of "ex" with "err"
|
2023-12-03 14:00:52 +01:00 |
|
|
|
ebe310eca6
|
Clean up SVR.JS code
|
2023-12-03 13:58:35 +01:00 |
|
|
|
caf2ad685d
|
Fix environment variable support (after testing)
|
2023-12-03 13:55:56 +01:00 |
|
|
|
d02c9754c9
|
Invalid compression exclusion list regexes no longer crash SVR.JS
|
2023-12-03 13:09:56 +01:00 |
|
|
|
17def48271
|
Changed invalid regex error message
|
2023-12-03 13:07:28 +01:00 |
|
|
|
0ed74bc55d
|
Change base 1000 size prefixes to base 1024.
|
2023-12-03 12:51:05 +01:00 |
|
|
|
ae1738166f
|
Add new config.json option - environmentVariables.
|
2023-12-03 12:11:15 +01:00 |
|
|
|
1f42691cbc
|
Correct language errors
|
2023-12-03 12:05:14 +01:00 |
|
|
|
024d6cc2d3
|
SVR.JS now saves configuration files with trailing newlines.
|
2023-12-03 12:02:49 +01:00 |
|
|
|
5321f2c6a7
|
Added trailing slash redirect support
|
2023-12-03 11:55:19 +01:00 |
|
|
|
10b7da09ae
|
Corrected language errors in console error messages.
|
2023-11-12 19:52:59 +01:00 |
|
|
|
13603adf1b
|
Fix even more language errors in HTTP error message descriptions.
|
2023-11-12 19:47:32 +01:00 |
|
|
|
fad9dc61ae
|
Fix multiple language errors in HTTP error message descriptions.
|
2023-11-12 18:59:24 +01:00 |
|
|
|
b38e1cea5f
|
Fixed crashes due of destroyed HTTP/2 stream (Node.JS bug: https://github.com/nodejs/node/issues/24470)
|
2023-11-12 18:41:06 +01:00 |
|
|
|
ae45c2e132
|
SVR.JS now sends configuration file saving request to one random good worker instead of all workers to prevent configuration file corruption.
|
2023-11-12 18:33:29 +01:00 |
|
|
|
fccc0ef7ca
|
Fixed bug with non-standard code regex replacements
|
2023-09-17 23:32:42 +02:00 |
|
|
|
a2ecbe4c5a
|
Optimize mod loader
|
2023-09-12 23:19:14 +02:00 |
|
|
|
84b7cac684
|
Fix bug with mods executing in wrong order (bug was related with access control vulnerability fix; bug was not present in LTS versions)
|
2023-09-12 23:15:55 +02:00 |
|
|
|
c8c069aceb
|
Rename properDirectoryListingServe function to properDirectoryListingAndStaticFileServe.
|
2023-09-12 19:50:39 +02:00 |
|
|
|
75e987dcf4
|
Removed undocumented and non-working code.
|
2023-09-12 19:34:34 +02:00 |
|
|
|
e84bb426a7
|
Replace sizify function with new one.
|
2023-09-12 19:21:13 +02:00 |
|
|
|
5a567d09d1
|
Drop dependency on "pretty-bytes" module
|
2023-09-12 18:27:15 +02:00 |
|
|
|
e048156e18
|
Remove "invoke500.svr" and "crash.svr" (only activated in nightly versions, not in stable or LTS)
|
2023-09-12 18:11:11 +02:00 |
|
|
|
8050fc766e
|
Partially revert commit 193cede707
|
2023-09-11 23:21:14 +02:00 |
|
|
|
193cede707
|
Optimize responseEnd method
|
2023-09-11 23:08:02 +02:00 |
|
