KeyFocus KF Web Server Help 

 

KF Web Server Release Notes

A help document is not included in this release.

For more information on how to manage KF Web Server look at the on-line F.A.Q.

Version 2.1.0 - 21 March 2003

New Features:
  1. Admin Interface Released As Open Source
    KeyFocus has released the source code for the Admin Interface to enable you to make custom modifications and translate it into other languages.
    The Admin Interface has been released under the Mozilla Public License.
    The rest of KF Web Server is not subject to this license and the source code will not be released.
    Included in this distribution you will find the source code to the admin interface, system scripts and the supporting image, html and javascript files.
  2. Internet Explorer Error Messages
    When an error message is returned from a web server Microsoft Internet Explorer sometimes decides to display its own error page instead of the error page returned by the server. This was the case with the "404 Not Found" error page returned by KF Web Server. This is a non standard and undocumented Microsoft feature.
    KF Web Server now returns an error page that Microsoft Internet Explorer will always display.
    If you are using a "custom error script", then you will have to update it or replace it with the contents of the file "servererror.wkf.new", that is installed as part of this release.
    Thanks to Hugo González for suggesting a solution to this issue.
Bug fixes:
  1. Range Requests Problem
    A flaw in the way the server handled certain types of range request has been corrected.
    This affected certain special download acceleration tools.
    Thanks to Jose for bringing this to our attention.
  2. Server Running Time
    The server running time displayed in the status page of the administration interface could be wrong, depending on the time zone.
    Thanks to all the users who pointed this out.

Version 2.0.0 - 22 January 2003

New Features:
  1. Rotating Log Files
    In previous versions all request to a web site were written to a single log file. This means the log file would keep growing. It is now possible to rotate the log files each day, week or month. This makes managing and archiving old log files a lot easier. When a new log file is created the date is added to its name.
  2. CGI Executable Direct Execution
    Certain CGI EXE programs are designed to be run directly from a HTML link. Previously these types of application were not allowed in KFWS for security reasons. It is now possible for them to be executed.
  3. Host Wild Card
    It is now possible to add a wild card to a domain name so that a web site can be matched against a number of similar domain names. A new field called "Server Match Name" has been added to the Advanced screen for each web site.
  4. CGI Cache
    KF Web Server can now cache output from CGI applications. This can lead to a dramatic increase in performance for sites that have a large number of users.
  5. Support for large files
    In previous versions a file was loaded completely into memory, before being sent to a client. A site hosting large files, e.g. 100+ mb, would experience a performance hit as the web server used a lot of the available system memory. This version handles large files in small chunks, without the need for a large amount of memory.
  6. Sin Bin
    The Sin Bin is a mechanism to restrict clients that make excessive demands on the web server, by slowing down responses to their requests, or even excluding them from the server altogether.
  7. Disable Range Requests
    Range requests are used by download utilities to download different parts of a large file simultaneously. Turning off this option will prevent such utilities from working, but not prevent a normal browser from downloading a file.
Bug fixes:
  1. Bad URL Security Problem
    A flaw in the way the server handled certain invalid URL paths has been corrected.
    Thanks to Matt Murphy for bringing this to our attention.

Version 1.0.8 - 11 October 2002

New Features:
  1. Monitor Busy Indicator
    The system tray monitor now flashes for one minute after the server has served a request. This provides a visible warning that your server is being accessed.
  2. Default Mime Type
    Adding the extension '*' to a mime type makes it the default mime type. All files that do not have a recognized extension will be assumed to be the default mime type.
  3. Duplicate Extensions
    The Admin interface now checks to see if a file extension has been listed with more than one mime type, a common error.
  4. Directory Index Sort Order
    It is now possible to sort the directory index by name, extension, date and size
Bug fixes:
  1. Log headers
    W3C log headers are now always added to the initial log files.
  2. ActiveHTML Integration
    Improved integration with this ASP platform

Version 1.0.6 - 2 August 2002

Bug fixes:
  1. Security vulnerability - malformed header
    A security vulnerability exists in all previous versions where a hacker using a special malformed http header could cause a buffer over-flow. This is fixed in this version.
    The following event is written to the system log, "Request Error: Invalid header", if someone attempts to attack the server in this way.
    Thank you to Paul Beechey of QinetiQ for letting us know about this one.
  2. PERL Integration
    A few minor issues getting PERL scripts to work

Version 1.0.4 - 17 July 2002

Updated features:
  1. Compressed HTTP support
    Boost your performance by up to 70%
  2. Custom error messages
    Option to control how server errors appear using a custom script.
  3. Less Secure File Names
    Option to accept special characters in file names.
  4. IP to Host Name translation
    Option to perform a reverse DNS look up on a clients IP address in the log file.
  5. Better error reporting for CGI problems
    Helps take the guess work out of fixing integration issues.
Bug fixes:
  1. Occasional crash when restarting server fixed.

Version 1.0.3 - 4 July 2002

Bug fixes:
  1. Security vulnerability - %00
    If the requested URL contains a %00 after a directory name, then the server used to generate an index of the files in the directory. This allowed a hacker to by-pass the default index file. This security flaw does not allow a hacker to view any files or directories that for which permission has not been granted.
    Thank you to Arnaud Jacques from Securite Info for letting us know about this one.
  2. Redirect for directory indexes
    If the user requests a directory without specifying a trailing slash the server used to return the directories index file immediately. This could lead to problems with relative links in the index file. The server now redirects the browser to the directory name with a trailing slash, to avoid this problem.
    Thank you to Dan for letting us know about this one.
  3. Case sensitive user names
    The server used to have a problem with matching Realm group members when the user name contained upper-case characters. All user name matching has now been made case insensitive.
    Thank you to Sepp for letting us know about this one.
Changed feature:
  1. Restricted file names
    The set of permitted characters allowed for directory and files names has been tightened. This may prevent some of your files from being accessed. For more details see the on-line FAQ

Version 1.0.2 - 15 June 2002

Updated features:
  1. System Service. KF Web Server and now be installed as a systems service on Windows NT,2000,XP
  2. Better log files. We now support both the two industry standard log file formats, NCSA and W3C.
  3. Better support for PHP and PERL
  4. More detailed statistics
  5. CGI Environment display
  6. Support for the Opera browser