Weblog
27 September 2014, 15:17
A new version of the Hiawatha webserver has been released. The main new feature in this release is the support for websockets. Although I've had several requests for this feature in the past, I had absolutely no response to my request for beta testers for this feature. So, I hope it works well.
Rumor has it that the second patch for the Bash Shellshock vulnerability also doesn't fix it completely. If that's the case, Hiawatha can help. The UrlToolkit's Header option now accepts a wildcard allowing you to match every HTTP header with a certain pattern. Use this wisely, because it comes of course with a performance cost.
UrlTookit {
ToolkitID = block_shellshock
Header * \(\)\s+\{ DenyAccess
}
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
Can we compile WebSocket support OUT of hiawatha, we only want to run that standard server.
Is that possible?
Your UrlToolkit example does not work properly. It produces 403 for all requests.
Refer to my last comment. Do you means?
UrlToolkit {
ToolkitID = block_shellshock
Header * \(\)\s*\{ DenyAccess
}
@Samiux: Yes, thanks for the feedback.
Or is it safe to place it afterwards? Like UseToolkit = block_shellshock, rewrite
My OpenBSD has no bash.
Thanks for your idea!
I was one of those who asked for that feature in the past. I will start using these now but feedback may be slow due to very limited time on my side.