Name

httpd — UCSPI-TCP HTTP server for static content

Synopsis

httpd {root}

Description

httpd prints requested public files from the root directory hierarchy. The Bernstein convention is for root to be /public/file, but it can use other conventional locations such as /home/publicfile/public or /var/www.

httpd accepts GET and HEAD requests on standard input in HTTP/0.9, HTTP/1.0, and HTTP/1.1 formats, and responds on standard output:

  • HTTP/0.9: httpd prints the requested file and exits.

  • HTTP/1.0: httpd prints an HTTP/1.0 header and the requested file. Then it exits.

  • HTTP/1.1: httpd prints an HTTP/1.1 header and the requested file in chunked format. Then it waits for further requests.

If the file is unopenable or if httpd does not like the request, httpd prints an error message and exits. If httpd runs out of memory, encounters an I/O error, or does not receive an input packet within 60 seconds, it exits silently. httpd also prints local log information on standard error.

httpd has exact-prefix support for If-Modified-Since: it uses code 304 if the Last-Modified contents are an exact prefix of the If-Modified-Since contents.

Normally httpd is run under a UCSPI-TCP server program (tcp-socket-accept, s6-tcpserver, or tcpserver spawning a server program per connection) to handle HTTP connections from hosts around the Internet. It can also be run under a UCSPI-SSL server program.

File handling

A request for http://v/f, where f does not end with a slash, refers to the file named ./v/f inside the root directory hierarchy. A request for http://v/f/, ending in a slash, refers to the file named ./v/f/index.html. httpd always converts the host name v to lowercase. HTTP/0.9 requests and old HTTP/1.0 requests do not specify a host name; in this case httpd uses the host name 0.

If it successfully opens the file, httpd uses the file name to select a file type for HTTP/1.0 and HTTP/1.1.

Unsupported features

httpd does not support file modification requests such as POST. httpd does not support SSI or CGI.

httpd rejects requests specifying Content-Length, Transfer-Encoding, Expect, If-Match, If-None-Match, or If-Unmodified-Since.

httpd does not generate its own directory listings, even if index.html does not exist. httpd rejects requests for directory names without terminating slashes; it does not redirect the requests.

Security

httpd chroots to root when it starts. It then sets its group id and user id to the numbers given in environment variables GID and UID, as set by envuidgid (or equivalent). httpd does not allow dots immediately after slashes in file names. It changes these dots to colons before attempting to open the file.

httpd will refuse to read a file if the file

  • is unreadable to user;

  • is unreadable to group;

  • is unreadable to world;

  • is world-executable without being user-executable; or

  • is anything other than a regular file: a directory, socket, device, etc.

History

httpd was originally part of Daniel J. Bernstein's publicfile toolset in 1999.

Author

Original code and documentation by Daniel J. Bernstein. Documentation modernizations by Jonathan de Boyne Pollard.