NAT32

Reference Manual

NAME

httpd - the NAT32 HTTP daemon
SYNOPSIS
start httpd [port]
hstat [local | private | public | acl | confirm | cx | dx | lx | wx]
proxy [on|off] | [hostname:port] | [username password]
agent ["str"]

 

...
DESCRIPTION
The HTTP daemon listens for incoming HTTP GET requests at the port number specified in argument port. If no port number is specified, the default port 8080 is used. Because HTTPD communicates via Winsock, the daemon listens at the Windows IP addresses, not the NAT32 IP addresses. Any desired web browser can be used to access files in NAT32's htm directory. Access to any other directory is not possible.

Command execution (Active Content) is supported via GET requests of the following formats:

GET /shell?cmd=command+arg1+arg2+... http/1.1
GET /tcl?cmd=command+arg1+arg2+..... http/1.1
GET http://......................... http/1.1
GET /file?name=value................ http/1.1
GET /filename....................... http/1.1

POST requests are also supported.

Note that the Active Content feature only works for pages loaded from the NAT32 HTTP daemon. Numerous code samples can be found in the htm directory of your NAT32 installation.

Note that proxy behaviour requires the httpd_proxy variable to be TRUE (the default is FALSE).

NOTES
The HTTP daemon has the following access modes:
 0 local       Access from the NAT32 machine only (default).
 1 private     Access from private addresses only.
 2 public      Access from all addresses.
 3 acl         Access from addresses in the Access Control List only.

Localhost (127.0.0.1) access is not possible.

If confirmation has been turned on with command hstat confirm, access is only allowed if the HTTP client's IP address appears in the Netwood Neighbourhood list described here.

The HTTP daemon is started with the following command in file startup:

start httpd port

If you already have an HTTP server running under Windows on the NAT32 machine, a different port number must be specified in argument port.

To stop the daemon, enter the command:

kill HTTPD

The hstat and agent commands can be used to interact with the daemon as follows:

hstat cx            // Confirmation x (0 = off)
hstat dx            // Debug level  x (0 = off)
hstat lx            // Log   level  x (0 = off)
hstat local | private | public | acl | confirm

agent "str"         // Agent string

HTTPD status values are:

0 down        // No HTTPD is running.
1 idle        // No connections are currently being processed.
3 busy        // One or more connections are currently being processed.
Command hstat acl grants access to only those hosts with an IP address listed in file httpd.acl. The command reads that file and updates the server's internal access address list. Partial IP addresses (e.g. 192.168) are allowed.

The HTTPD can act as a Web Proxy that fetches all content on behalf of a client via one of the httpget commands. This effectively blocks information leakage via cookies, referrer strings and tracking URLs. In addition, redirection to HTTPS sites is intercepted and the user queried for permission to proceed. Clients can be auto-configured to use the HTTPD proxy via the wpad protocol.

The proxy command can be used to set the proxy parameters that the httpget command will use.

The User-Agent string can be set via the agent "str" command, where str denotes the actual User-Agent string to be used. Be sure to include the string in double-quotes if it contains spaces.

The file nat32.js contains several NAT32 variables and functions for use in Javascript web pages. The file is created with command: jsf executed at startup. The jsf command can be issued at any time to update file nat32.js. The file mynat32.htm is also generated by command jsf, and it contains a URL with the current port number of the HTTPD.

The NAT32 HTTPD supports the WebSocket Protocol as specified in RFC 6455. The protocol allows web clients to establish a persistent TCP connection to a Web Server in order to send and receive text or binary data for almost any purpose. Please see the ws command for more details.
An interesting side-effect of the NAT32 ad-blocking feature is that unwanted traffic is redirected to the NAT32 honeypot, which serves file nofile.htm and the offending URL is revealed.
SEE ALSO
httpget, Password Checking, setns, sh, tcl, Web Interface, wpad, wproxy, WebSockets