KeyFocus - KFWS Support

KF Web Server

About

Screen shots

Download

FAQ

Support

Links

KFWS Support

If you would like support on any aspect of KFWS then please click on this link support request

As KFWS is a freeware product we cannot provide the same level of support as with give to our commercial products.
We do endeavor to answer all emails, but it might take us up to a few days to respond.

When submitting a support request please help us to help you by providing as much information as you can.
Please look at the this page to find out the information we will be looking for.

Before you contact us you might like to try looking if your question is listed in the Frequently Asked Questions page.

Join our mailing list to keep yourself informed of the new releases by going to the mailing list form.

Version History

Version	Date	Description
3.2.0	17 October 2007	New Features: New User Interface The user interface has been given a more modern looking theme.
3.1.1	26 June 2007	Patch for Admin XSS issue KeyFocus issued a patch for a cross site scripting issue that has recently been identified in the KF Web Server admin script. We consider this issue to be of minor severity as it does not affect web sites hosted by the web server. The problem is not in the web server itself but in the admin script hosted by the server. In order to access this script the attacker would need to be logged onto the server locally and have the admin password. With that level of access they would already have complete control of the web server configuration, in effect root access, so there would be no need to use this technique. We do take this issue and all security issues seriously and have issued a patch which can be obtained from the download page.
3.1.0	17 June 2006	New Features: Faster CGI Performance The way the server interacts with CGI applications such as PHP and Perl has be re-written to make it much faster. This is most noticable when the CGI pages are large or when CGI is used to download big files.
3.0.1	16 February 2006	New Features: User Interface Improvements A link to the hosted website has been added to each website in the status menu, allowing the web site to be viewed by a single click. Additional Path Info We have added support for additional virtual directories in the URL as described in the CGI standard. Many scripts use this facility to pass parameters to the script without the need for a query. This has the benefit of providing permalinks. Example: http:://www.mydomain.com/post.php/2005/02/ will call the script /post.php and pass /2005/02/ in the PATH_INFO envorinment variable. This feature is only available for files types set up with a CGI filter map. It is turned off by default as it has a slight impact on performance and can lead to confusion if not required. To enable it go to the Server -> General menu. URL Re-write Rules URL Rewrite Rules are a powerful feature that allows you to manipulate the URL received by the web server into a different form. Rewrite Rules can do everything an alias can do and more, but they are complex to set up. They work by searching the URL for a specified pattern and then replacing it with the substitution text. The pattern is a perl compatible regular expression. The substitution can include 'back-references', which refer to the sub-patterns in the pattern. This allows very sophisticated substitutions to be made.
2.5.0	11 October 2003	Bug fixes: Large CGI post A problem that limited the maximum size of data that could be posted to a CGI page has been removed.
2.4.0	31 August 2003	Bug fixes: Internal enhacements Serveral changes have been made to the server internals to make it faster and more reliable. Change to log format The W3C logfile output has been changed to make it more compatible with the analog log file analyser.
2.2.0	17 April 2003	New Features: CGI Clear Browser Cache If this is checked then CGI pages will contain a no-cache header added to returned page. This ensures a users browser does not store the page for even short perions of time. Use this option if you have a dynamic web site with constantly changing pages. To access this option go to the Web Sites -> Cache sub-menu. Bug fixes: CGI Cache Now works with pages containing queries. Monitor pop up menu The pop up menu now always appears in the correct place.
2.1.0	21 March 2003	New Features: Admin Interface Released As Open Source KeyFocus has released the source code for the Admin Interface to enable you to make custom modifications and translate it into other languages. The Admin Interface has been released under the Mozilla Public License. The rest of KF Web Server is not subject to this license and the source code will not be released. Included in this distribution you will find the source code to the admin interface, system scripts and the supporting image, html and javascript files. Internet Explorer Error Messages When an error message is returned from a web server Microsoft Internet Explorer sometimes decides to display its own error page instead of the error page returned by the server. This was the case with the "404 Not Found" error page returned by KF Web Server. This is a non standard and undocumented Microsoft feature. KF Web Server now returns an error page that Microsoft Internet Explorer will always display. If you are using a "custom error script", then you will have to update it or replace it with the contents of the file "servererror.wkf.new", that is installed as part of this release. Thanks to Hugo González for suggesting a solution to this issue. Bug fixes: Range Requests Problem A flaw in the way the server handled certain types of range request has been corrected. This affected certain special download acceleration tools. Thanks to Jose for bringing this to our attention. Server Running Time The server running time displayed in the status page of the administration interface could be wrong, depending on the time zone. Thanks to all the users who pointed this out.
2.0.1	31 January 2003	Bug fixes: Log Time always in GMT A bug was introduced in version 2.0.0 that caused the server to always use Greenwich Mean Time for log entries even when not specified in the configuration. This has now been fixed. Thanks to Gary Raymond for spotting this one.
2.0.0	25 January 2003	New Features: Rotating Log Files In previous versions all request to a web site were written to a single log file. This means the log file would keep growing. It is now possible to rotate the log files each day, week or month. This makes managing and archiving old log files a lot easier. When a new log file is created the date is added to its name. CGI Executable Direct Execution Certain CGI EXE programs are designed to be run directly from a HTML link. Previously these types of application were not allowed in KFWS for security reasons. It is now possible for them to be executed. Host Wild Card It is now possible to add a wild card to a domain name so that a web site can be matched against a number of similar domain names. A new field called "Server Match Name" has been added to the Advanced screen for each web site. CGI Cache KF Web Server can now cache output from CGI applications. This can lead to a dramatic increase in performance for sites that have a large number of users. Support for large files In previous versions a file was loaded completely into memory, before being sent to a client. A site hosting large files, e.g. 100+ mb, would experience a performance hit as the web server used a lot of the available system memory. This version handles large files in small chunks, without the need for a large amount of memory. Sin Bin The Sin Bin is a mechanism to restrict clients that make excessive demands on the web server, by slowing down responses to their requests, or even excluding them from the server altogether. Disable Range Requests Range requests are used by download utilities to download different parts of a large file simultaneously. Turning off this option will prevent such utilities from working, but not prevent a normal browser from downloading a file. Bug fixes: Monitor Busy Indicator The Monitor Busy Indicator now works when KFWS is installed as a systems service on Windows XP. Bad URL Security Problem A flaw in the way the server handled certain invalid URL paths has been corrected. Thanks to Matt Murphy for bringing this to our attention.
1.0.8	11 October 2002	New Features: Monitor Busy Indicator The system tray monitor now flashes for one minute after the server has served a request. This provides a visible warning that your server is being accessed. Default Mime Type Adding the extension '' to a mime type makes it the default mime type. All files that do not have a recognized extension will be assumed to be the default mime type. Duplicate Extensions* The Admin interface now checks to see if a file extension has been listed with more than one mime type, a common error. Directory Index Sort Order It is now possible to sort the directory index by name, extension, date and size Bug fixes: Log headers W3C log headers are now always added to the initial log files. ActiveHTML Integration Improved integration with this ASP platform
1.0.6	2 August 2002	Bug fixes: Security vulnerability - malformed header A security vulnerability exists in all previous versions where a hacker using a special malformed http header could cause a buffer over-flow. This is fixed in this version. The following event is written to the system log, "Request Error: Invalid header", if someone attempts to attack the server in this way. Thank you to Paul Beechey of QinetiQ for letting us know about this one. PERL Integration A few minor issues getting PERL scripts to work
1.0.5	19 July 2002	Bug fixes: Fixed a problem with running the server as a systems service, which was introduced in version 1.0.4.
1.0.4	17 July 2002	Updated features: Compressed HTTP support Boost your performance by up to three times. Custom error messages Option to control how server errors appear using a custom script. Less Secure File Names Option to accept special characters in file names. IP to Host Name translation Option to perform a reverse DNS look up on a clients IP address in the log file. Better error reporting for CGI problems Helps take the guess work out of fixing integration issues. Bug fixes: Occasional crash when restarting server fixed.
1.0.3	4 July 2002	Bug fixes: Security vulnerability - %00 If the requested URL contains a %00 after a directory name, then the server used to generate an index of the files in the directory. This allowed a hacker to by-pass the default index file. This security flaw does not allow a hacker to view any files or directories that for which permission has not been granted. Thank you to Arnaud Jacques from Securite Info for letting us know about this one. Redirect for directory indexes If the user requests a directory without specifying a trailing slash the server used to return the directories index file immediately. This could lead to problems with relative links in the index file. The server now redirects the browser to the directory name with a trailing slash, to avoid this problem. Thank you to Dan for letting us know about this one. Case sensitive user names The server used to have a problem with matching Realm group members when the user name contained upper-case characters. All user name matching has now been made case insensitive. Thank you to Sepp for letting us know about this one. Changed feature: Restricted file names The set of permitted characters allowed for directory and files names has been tightened. This may prevent some of your files from being accessed. For more details see the on-line FAQ
1.0.2	15 June 2002	Updated features: System Service. KF Web Server and now be installed as a systems service on Windows NT,2000,XP Better log files. We now support both the two industry standard log file formats, NCSA and W3C. Better support for PHP and PERL More detailed statistics CGI Environment display Support for the Opera browser
1.0.1	31 May 2002	First official release

Future Versions

These are some of the features that we are planning:

Non English language versions.
We are looking for more ideas and suggestions. If you have any then please let us have them.